Interface PackageProvenance

Expand description

Returned by verifyPackageProvenance after npm provenance checks pass.

remarks

Captures the Run Invocation URI from the npm provenance certificate. Call verifyAddon to confirm the addon binary was produced by the same GitHub Actions workflow run.

interface PackageProvenance {
    runInvocationURI: RunInvocationURI;
    verifyAddon(options: { sha256: Sha256Hex }): Promise<void>;
}

Properties§

§readonly runInvocationURI: RunInvocationURI

Methods§

Source§

Interface PackageProvenanceCopy item path

Properties§

Methods§

verifyAddon(options: { sha256: Sha256Hex }): Promise<void>

Interface PackageProvenance