by S04dKHzrKT 81 days ago
This is where attestation/sigstore comes into play. GitHub has a first-party action for it and I wish more projects would use it. Regarding JavaScript specifically, I believe npm has built-in support for sigstore.

* https://docs.github.com/en/actions/concepts/security/artifac...

* https://www.sigstore.dev/

* https://github.com/actions/attest