provenance on NPM #1806
Description
https://github.blog/2023-04-19-introducing-npm-package-provenance/
https://docs.npmjs.com/generating-provenance-statements
- To publish a package with provenance, you must build your package with a supported cloud CI/CD provider using a cloud-hosted runner. Today this includes GitHub Actions and GitLab CI/CD.
Example:
https://github.com/paulmillr/noble-hashes/blob/2.0.1/.github/workflows/release.yml
https://github.com/paulmillr/jsbt/blob/0.4.4/.github/workflows/release.yml
It also automates adding an entry to https://github.com/cosmos/cosmjs/releases (there's currently no 0.36.1 entry)