Type Alias PackageProvenance

Returned by verifyPackageProvenance after npm provenance checks pass.

remarks

Captures the Run Invocation URI from the npm provenance certificate. Call verifyAddon to confirm the addon binary was produced by the same GitHub Actions workflow run.

type PackageProvenance = {
    runInvocationURI: RunInvocationURI;
    verifyAddon: (options: { sha256: Sha256Hex }) => Promise<void>;
}

Properties

runInvocationURI

Run Invocation URI extracted from the npm provenance certificate.

verifyAddon

Verify that the addon binary with the given SHA-256 was attested by the same GitHub Actions workflow run that produced the npm package.
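
An added usage example, not code from this project: it hashes the addon bytes that will actually be loaded and passes the digest to verifyAddon, refusing to proceed if verification fails. It assumes RunInvocationURI and Sha256Hex are plain strings, that the digest is lowercase hex, and that verifyAddon rejects on failure; sha256Hex, checkAddonBytes and requireVerifiedAddon are hypothetical helper names.

```typescript
import { createHash } from "node:crypto";
import { readFileSync } from "node:fs";

// Assumed: the page does not define these aliases; plain strings stand in.
type RunInvocationURI = string;
type Sha256Hex = string;

// Shape copied from the type alias documented on this page.
type PackageProvenance = {
  runInvocationURI: RunInvocationURI;
  verifyAddon: (options: { sha256: Sha256Hex }) => Promise<void>;
};

type AddonCheck =
  | { ok: true; sha256: Sha256Hex; runInvocationURI: RunInvocationURI }
  | { ok: false; sha256: Sha256Hex; reason: string };

// Digest of the exact bytes that will be loaded (lowercase hex is assumed).
function sha256Hex(bytes: Uint8Array): Sha256Hex {
  return createHash("sha256").update(bytes).digest("hex");
}

// Hypothetical helper: a rejected verifyAddon (assumed failure signal)
// becomes ok: false, so an unverified binary is never reported as trusted.
async function checkAddonBytes(
  provenance: PackageProvenance,
  bytes: Uint8Array,
): Promise<AddonCheck> {
  const sha256 = sha256Hex(bytes);
  try {
    await provenance.verifyAddon({ sha256 });
    return { ok: true, sha256, runInvocationURI: provenance.runInvocationURI };
  } catch (err) {
    const reason = err instanceof Error ? err.message : String(err);
    return { ok: false, sha256, reason };
  }
}

// Hypothetical helper: hash the file on disk and refuse to continue on failure.
// The loader re-reads the file later, so keep addonPath where no other user
// can write between this check and the load.
async function requireVerifiedAddon(
  provenance: PackageProvenance,
  addonPath: string,
): Promise<AddonCheck> {
  const result = await checkAddonBytes(provenance, readFileSync(addonPath));
  if (!result.ok) throw new Error(`addon ${addonPath} not verified: ${result.reason}`);
  return result;
}
```

Log the returned runInvocationURI alongside the digest so a later audit can tie the loaded binary to its workflow run.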