Fail CI when dependencies in your lockfile lose npm provenance or trusted publisher status
-
Updated
Jun 12, 2026 - TypeScript
#
trusted-publishing
Here are 20 public repositories matching this topic...
A composite GitHub Action that turns conventional commits into a draft release PR, tags the PR on merge, and stages publishing to npm via OIDC trusted publishing.
-
Updated
Jun 12, 2026 - TypeScript
cli npm-package developer-tools workflow-automation ai-agents ai-workflow trusted-publishing model-routing hermes-agent
-
Updated
May 18, 2026 - JavaScript
Indexing support for Trusted Publishing on PyPI
-
Updated
Jun 2, 2026 - Python
Trusted Publishing for Docker registries using GitHub Actions OIDC.
-
Updated
Jun 10, 2026 - TypeScript
Easily compare the local devices windows release & build version, against broadly available official Windows 11 versioning. Detects silent updating-issues. This Repository also acts as the always up to date web-source of truth, it displays signed info accessible programmatically through designated GitHub pages.
python windows github-pages json-api pypi sysadmin compliance release-automation security-automation release-monitoring rmm windows-update windows-admin windows-11 github-actions win11 endpoint-management trusted-publishing microsoft-release-health
-
Updated
Jun 12, 2026 - Python
Get trusted publishing and build reproducibility insights for any Rust supply chain
-
Updated
Jun 12, 2026 - Rust
Consumer-side integrity verification for Ruby gems
ruby cli rubygems bundler security-audit provenance developer-tools software-supply-chain devsecops dependency-management slsa supply-chain-security sigstore integrity-verification trusted-publishing artifact-verification
-
Updated
Jun 12, 2026 - Ruby
[PoC] Trusted Publishing verifier for package URLs (purl)
-
Updated
Nov 15, 2025 - TypeScript
Published npm artifact boundary for handshake-protocol-kernel; trusted publishing and MCP metadata.
-
Updated
Jun 12, 2026 - JavaScript
an example of using a trusted publishing (OIDC) to publish a package
-
Updated
Oct 27, 2025
Advanced GitHub Actions and package supply-chain defense platform for the May 2026 CI/CD compromise wave.
ci-cd provenance oidc software-supply-chain devsecops react-dashboard github-actions fastapi supply-chain-security npm-security trusted-publishing pypi-security
-
Updated
May 8, 2026 - Python
Checks if an npm package version was published via a Trusted Publisher (OIDC/Provenance)
-
Updated
Apr 5, 2026 - JavaScript
TypeScript hello world library with dual ES modules/CommonJS support. Features GitHub Actions trusted publishing to npmjs with Sigstore attestation.
-
Updated
Jun 4, 2026 - TypeScript
Supply-chain-hardened release tool for JS/TS libraries. Multi-runner reproducible-build attestation, OIDC trusted publishing, hard pre-publish gates. Pure bash, zero dependencies.
bash npm provenance release release-automation oidc reproducible-builds npm-publish github-actions slsa secret-scanning supply-chain-security composite-action reusable-workflow trusted-publishing action-pinning hardened-release
-
Updated
Jun 3, 2026 - Shell
A reusable agent skill for shipping a JS/TS library to npm with GitHub Actions, including 8 well-documented pitfalls.
npm npm-package publishing ci-cd release-automation oidc github-actions claude-code trusted-publishing agent-skill workbuddy
-
Updated
May 28, 2026 - Go Template
npm package starter with OIDC trusted publishing, provenance, and CI/CD baked in
nodejs template npm typescript npm-package starter ci-cd provenance oidc github-actions vibe-coding trusted-publishing
-
Updated
Jun 11, 2026 - JavaScript
Evidence-first QuantumScalar DM simulation suite for reproducible runs, decision campaigns, and PyPI installs.
python simulation pypi scientific-computing reproducibility dark-matter evidence fastapi trusted-publishing
-
Updated
Jun 11, 2026 - Python
Reusable GitHub Actions CI for the Coroboros stack.
npm-package ci-cd oidc pnpm github-actions gitleaks composite-actions reusable-workflows trusted-publishing coroboros
-
Updated
Jun 9, 2026
🔒 Fail CI if dependencies in your lockfile lose npm provenance or trusted publisher status, enhancing the security of your projects.
wordpress security machine-learning provenance software-supply-chain hacktoberfest system-security adversarial-examples adversarial-attacks github-action in-toto slsa supply-chain-security slsaprovenance gh-actions-repo slsa-provenance slsa-framework trusted-publishing
-
Updated
Jun 12, 2026 - TypeScript
Improve this page
Add a description, image, and links to the trusted-publishing topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the trusted-publishing topic, visit your repo's landing page and select "manage topics."