Fail CI when dependencies in your lockfile lose npm provenance or trusted publisher status
-
Updated
May 21, 2026 - TypeScript
#
trusted-publishing
Here are 16 public repositories matching this topic...
cli npm-package developer-tools workflow-automation ai-agents ai-workflow trusted-publishing model-routing hermes-agent
-
Updated
May 18, 2026 - JavaScript
A composite GitHub Action that turns conventional commits into a draft release PR, tags the PR on merge, and stages publishing to npm via OIDC trusted publishing.
-
Updated
May 22, 2026 - TypeScript
Trusted Publishing for Docker registries using GitHub Actions OIDC.
-
Updated
May 20, 2026 - TypeScript
Indexing support for Trusted Publishing on PyPI
-
Updated
May 2, 2026 - Python
Get trusted publishing and build reproducibility insights for any Rust supply chain
-
Updated
May 21, 2026 - Rust
[PoC] Trusted Publishing verifier for package URLs (purl)
-
Updated
Nov 15, 2025 - TypeScript
Advanced GitHub Actions and package supply-chain defense platform for the May 2026 CI/CD compromise wave.
ci-cd provenance oidc software-supply-chain devsecops react-dashboard github-actions fastapi supply-chain-security npm-security trusted-publishing pypi-security
-
Updated
May 8, 2026 - Python
an example of using a trusted publishing (OIDC) to publish a package
-
Updated
Oct 27, 2025
TypeScript hello world library with dual ES modules/CommonJS support. Features GitHub Actions trusted publishing to npmjs with Sigstore attestation.
-
Updated
May 7, 2026 - TypeScript
Supply-chain-hardened release tool for JS/TS libraries. Multi-runner reproducible-build attestation, OIDC trusted publishing, hard pre-publish gates. Pure bash, zero dependencies.
bash npm provenance release release-automation oidc reproducible-builds npm-publish github-actions slsa secret-scanning supply-chain-security composite-action reusable-workflow trusted-publishing action-pinning hardened-release
-
Updated
May 3, 2026 - Shell
Checks if an npm package version was published via a Trusted Publisher (OIDC/Provenance)
-
Updated
Apr 5, 2026 - JavaScript
npm package starter with OIDC trusted publishing, provenance, and CI/CD baked in
nodejs template npm typescript npm-package starter ci-cd provenance oidc github-actions vibe-coding trusted-publishing
-
Updated
May 21, 2026 - JavaScript
Evidence-first QuantumScalar DM simulation suite for reproducible runs, decision campaigns, and PyPI installs.
python simulation pypi scientific-computing reproducibility dark-matter evidence fastapi trusted-publishing
-
Updated
May 21, 2026 - Python
Reusable GitHub Actions CI for the Coroboros stack.
npm-package ci-cd oidc pnpm github-actions gitleaks composite-actions reusable-workflows trusted-publishing coroboros
-
Updated
May 20, 2026
🔒 Fail CI if dependencies in your lockfile lose npm provenance or trusted publisher status, enhancing the security of your projects.
wordpress security machine-learning provenance software-supply-chain hacktoberfest system-security adversarial-examples adversarial-attacks github-action in-toto slsa supply-chain-security slsaprovenance gh-actions-repo slsa-provenance slsa-framework trusted-publishing
-
Updated
May 22, 2026 - TypeScript
Improve this page
Add a description, image, and links to the trusted-publishing topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the trusted-publishing topic, visit your repo's landing page and select "manage topics."