npm package

sigstore

3.1.0

Default version

Published

February 4, 2025

Description

code-signing for npm packages

Attestations

SLSA Provenance Attestation
This version has a SLSA provenance attestation.
VERIFIEDThe Sigstore bundle containing this attestation was verified using sigstore-go.

Repository

github.com/sigstore/sigstore-js (06cd2)

Build config

github.com/sigstore/sigstore-js/.github/workflows/release.yml

Built by

Log date

The time this entry was integrated into the rekor transparency log.

February 4, 2025 (index 168704762)

Workflow run

SLSA Version

To verify the attestation, run the "npm audit signatures" command or download the attestations bundle from NPM and use the slsa-verifier tool.

Links

Origin: https://registry.npmjs.org/sigstore/3.1.0
https://www.npmjs.com/package/sigstore/v/3.1.0
Homepage: https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme
Repo: https://github.com/sigstore/sigstore-js
Issues: https://github.com/sigstore/sigstore-js/issues
Attestations: https://registry.npmjs.org/-/npm/v1/attestations/sigstore@3.1.0

Projects

sigstore/sigstore-js

GitHub

Code-signing for npm packages

26 forks

161 stars

Project metadata as of April 26, 2025.

This site uses cookies from Google to deliver its services and to analyze traffic.