Comment by S04dKHzrKT
24 days ago
This is where attestation/sigstore comes into play. GitHub has a first-party action for it and I wish more projects would use it. Regarding JavaScript specifically, I believe npm has built-in support for sigstore.
* https://docs.github.com/en/actions/concepts/security/artifac...