Comment by bossyTeacher
7 days ago
This is really impressive. Can I also give you major props for the following:
- Zero dependencies: wow, this is really good for a js package.
- Documentation: nice, clear and with examples
- Transparent builds: this should be a standard
I wish more js packages were like yours
> - Transparent builds: this should be a standard
Can you explain what "Transparent builds" means in this context?
From my understanding after a quick search, it is the standard. If any package requires me to figure out a manual build process after installing it, to get it to work, I simply do not use it.
This is in related to the publication of the package to npm. All of the publications are verified with provenance statements as supported by NPM directly; it's something I believe all NPM packages should be required to use but as of now it's optional; it simply provided verifiable signatures as to what was built and how it was built.
https://docs.npmjs.com/generating-provenance-statements
https://www.npmjs.com/package/dockview#provenance
[dead]
Attestation