Comment by mathuo

This is in related to the publication of the package to npm. All of the publications are verified with provenance statements as supported by NPM directly; it's something I believe all NPM packages should be required to use but as of now it's optional; it simply provided verifiable signatures as to what was built and how it was built.

https://docs.npmjs.com/generating-provenance-statements

https://www.npmjs.com/package/dockview#provenance