feat: enable npm provenance for package publishing

amannirala13 · claude · amannirala13 · commit b5184a572b78 · 2025-10-20T05:07:21.000+05:30
- Add --provenance flag to CLI package publishing - Add --provenance flag to runner-node package publishing - Enhances package security and transparency - Users can verify packages were built from legitimate source 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -49,14 +49,14 @@ jobs:
       - name: Publish @envguard/cli to npm
         if: github.event.inputs.package == 'all' || github.event.inputs.package == 'cli' || github.event_name == 'release'
         working-directory: ./packages/cli
-        run: pnpm publish --no-git-checks --access public
+        run: pnpm publish --no-git-checks --access public --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Publish @envguard/runner-node to npm
         if: github.event.inputs.package == 'all' || github.event.inputs.package == 'runner-node' || github.event_name == 'release'
         working-directory: ./packages/runner-node
-        run: pnpm publish --no-git-checks --access public
+        run: pnpm publish --no-git-checks --access public --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
