edu-webcomponents 1.13.0 → 1.14.0

package/CHANGELOG.md CHANGED
@@ -41,3 +41,6 @@
41
41
 
42
42
  ## 1.13.0 - 2024-06-20
43
43
  - Fix provenance when publishing packages to npm registry
44
+
45
+ ## 1.14.0 - 2024-06-21
46
+ - Update docs of publishing packages to npm registry with provenance
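Review bot: The 1.14.0 entry at the end of this hunk records a documentation-only change as a minor release. If the project follows semantic versioning, a docs update with no API change fits a patch release (1.13.1), and the entry would be easier to trace if it named the document that changed.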
@@ -3,3 +3,44 @@
3
3
  - Add PAT created to GitHub secrets
4
4
  - Use workflow from [here](https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages#publishing-packages-to-the-npm-registry)
5
5
 
6
+ ## Provenance
7
+
8
+ ### What is is?
9
+
10
+ You can generate provenance statements for the packages you publish. This allows you to publicly establish where a package was built and who published a package, which can increase supply-chain security for your packages.
11
+
12
+ More info: [https://docs.npmjs.com/generating-provenance-statements](https://docs.npmjs.com/generating-provenance-statements).
13
+
14
+ ### How to
15
+ Add permissions and provenance flag to the workflow job that publishes packages to npm registry, as you can see here:
16
+ ```
17
+ name: Publish Package to npmjs
18
+ on:
19
+ release:
20
+ types: [published]
21
+ jobs:
22
+ build:
23
+ runs-on: ubuntu-latest
24
+ permissions:
25
+ contents: read
26
+ id-token: write
27
+ steps:
28
+ - uses: actions/checkout@v4
29
+ - uses: actions/setup-node@v4
30
+ with:
31
+ node-version: '20.x'
32
+ registry-url: 'https://registry.npmjs.org'
33
+ - run: npm install -g npm
34
+ - run: npm ci
35
+ - run: npm publish --provenance --access public
36
+ env:
37
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
38
+ ```
39
+
40
+ Add repository object with type and url properties to the package.json, as you can see here:
41
+ ```
42
+ "repository": {
43
+ "type": "git",
44
+ "url": "https://github.com/eduardocruzpalacios/edu-webcomponents"
45
+ },
46
+ ```
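Review bot: The `- run: npm install -g npm` step in the workflow example installs whatever npm is latest at release time into the same job that holds `id-token: write` and `NPM_TOKEN`, so the publishing toolchain is unpinned. Pin it to a specific version, or drop the step if the npm bundled with the selected Node 20.x already supports `--provenance` (as far as I know, npm 9.5.0 or later is required). The "How to" text should also say why the `repository` object is needed: its `url` has to point to the repository the workflow runs in for the provenance statement to be accepted, and a sentence on `npm audit signatures` would show consumers how to check the result. Smaller points: the heading `### What is is?` should read `What is it?`, `### How to` is missing the blank line the other headings have after them, and the two fences would render better tagged as `yaml` and `json`.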
package/package.json CHANGED
@@ -11,7 +11,7 @@
11
11
  ],
12
12
  "license": "MIT",
13
13
  "author": "edu-webcomponents",
14
- "version": "1.13.0",
14
+ "version": "1.14.0",
15
15
  "repository": {
16
16
  "type": "git",
17
17
  "url": "https://github.com/eduardocruzpalacios/edu-webcomponents"