👋 We've published an RFC for linking npm packages to their source and build using the Sigstore project (you could think of this as "software signing as a service").
The proposal lays out planned changes in the npm CLI but our aim is to build it in such a way that it would be straightforward for any npm client (e.g. yarn) to add support.
We're working on a client library that will implement the bulk of the signing logic (sigstore-js); this will be the main integration point.
I wanted to raise awareness of this proposal and ask for any feedback and thoughts on how to best collaborate on making an integration with yarn happen.
Sidenote: I'm now realising "linking" might be a pretty overloaded term for npm-related things 🤔