README.md: 25 additions & 0 deletions
@@ -161,6 +161,31 @@ npx nx test <package-name> --coverage
161
161
-**[Migration Guide](./docs/MIGRATION.md)** - Migrating to the monorepo structure
162
162
-**[Security Policy](./docs/SECURITY.md)** - Security guidelines and reporting
163
163
164
+
## 🔐 Verifying provenance attestations
165
+
166
+
You can verify registry signatures and provenance attestations for installed packages using the npm CLI:
167
+
168
+
```bash
169
+
npm audit signatures
170
+
```
171
+
172
+
Quick example for a single package install:
173
+
174
+
```bash
175
+
npm install @supabase/auth-js
176
+
npm audit signatures
177
+
```
178
+
179
+
Example output:
180
+
181
+
```text
182
+
audited 1 package in 0s
183
+
184
+
1 package has a verified registry signature
185
+
```
186
+
187
+
Because provenance attestations are a new capability, security features may evolve over time. Ensure you are using the latest npm CLI to verify attestation signatures reliably. This may require updating npm beyond the version bundled with Node.js.
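Review bot: The "Example output" block in the new "Verifying provenance attestations" section shows only "1 package has a verified registry signature", so nothing in the sample demonstrates an attestation being verified, which is what the heading promises. Either include the attestation line that `npm audit signatures` prints when a package carries provenance, or retitle the section so it covers registry signatures as well. Under "Quick example for a single package install", it would also help to say that `npm audit signatures` checks every package in the installed tree rather than only the one just named, and to describe what a failed verification looks like so readers know what to act on. In the closing paragraph, "the latest npm CLI" is vague: state the minimum npm version that verifies attestations so readers can compare it with the output of `npm --version`.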