notes.dt.in.th

npm checkmark

You can get a verified checkmark on your npm package if you build and publish it from GitHub Actions.

image

  1. In package.json, make sure repository.url is set to your repository’s URL.

      "repository": {
        "url": "git+https://github.com/dtinth/-.-"
      }
  2. Update your GitHub Actions workflow job.

    • Make sure it has the id-token: write permission.
    • Set environment variable NPM_CONFIG_PROVENANCE=true.
    jobs:
      release:
        name: Release
        runs-on: ubuntu-latest
        permissions:
          id-token: write
          contents: write
          packages: write
          pull-requests: write
          issues: read
        env:
          NPM_CONFIG_PROVENANCE: true

Further reading