From 4f2a9fa4067d53624e7a085b60a9c98cd473e4e3 Mon Sep 17 00:00:00 2001
From: LitoMore <litomore@gmail.com>
Date: Sat, 21 Dec 2024 16:44:22 +0800
Subject: [PATCH] Generate provenance statements when publishing

---
 .github/workflows/release.yml | 1 +
 package.json                  | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a4b14ca..4aca9a3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,6 +12,7 @@ jobs:
       contents: write # to create a GitHub Release
       issues: write # to comment on issues included in a release
       pull-requests: write # to comment on Pull Requests included in a release
+      id-token: write # to generate npm provenance statements
     steps:
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/package.json b/package.json
index 885a454..2112344 100644
--- a/package.json
+++ b/package.json
@@ -35,6 +35,10 @@
     "prepublishOnly": "rollup -c",
     "test": "mocha --timeout 10000"
   },
+  "publishConfig": {
+    "provenance": true,
+    "access": "public"
+  },
   "dependencies": {
     "ansi-regex": "^6.0.1",
     "chalk": "^5.0.0",