Skip to content

fix(npm): add repository metadata for provenance checks#11

Merged
stefanosala merged 1 commit into
mainfrom
fix/npm-provenance-repository-url
May 22, 2026
Merged

fix(npm): add repository metadata for provenance checks#11
stefanosala merged 1 commit into
mainfrom
fix/npm-provenance-repository-url

Conversation

@stefanosala

@stefanosala stefanosala commented May 22, 2026

Copy link
Copy Markdown
Owner

Summary

  • add repository metadata to all npm package manifests published by the release workflow
  • set repository URL to https://github.com/stefanosala/vc-cli to match GitHub provenance source
  • fix npm provenance verification failure (E422) during trusted publishing

Test plan

  • Run .github/workflows/release-npm.yml with dry_run=false
  • Verify platform package publish succeeds with --provenance
  • Verify main @stefanosala/vc-cli package publish succeeds

Made with Cursor

@stefanosala @cursoragent
fix(npm): add repository metadata for provenance checks
c9deb15 
Add repository URL metadata to all npm package manifests so npm provenance validation matches the GitHub source repository during trusted publishing.

Co-authored-by: Cursor <cursoragent@cursor.com>
@stefanosala stefanosala self-assigned this May 22, 2026
@stefanosala stefanosala marked this pull request as ready for review May 22, 2026 14:30
Copilot AI review requested due to automatic review settings May 22, 2026 14:30
@stefanosala stefanosala merged commit 1d0f165 into main May 22, 2026
3 checks passed
@stefanosala stefanosala deleted the fix/npm-provenance-repository-url branch May 22, 2026 14:30
Copilot AI reviewed May 22, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds repository metadata to all npm package manifests published by the release workflow so npm provenance/trusted publishing can associate the published artifacts with the correct GitHub source repository.

Changes:

  • Added repository metadata to the main @stefanosala/vc-cli npm package manifest.
  • Added the same repository metadata to each platform-specific binary package manifest.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
npm/vc-cli/package.json Adds repository metadata for the main CLI npm package.
npm/cli-win32-x64/package.json Adds repository metadata for the Windows x64 platform package.
npm/cli-linux-x64/package.json Adds repository metadata for the Linux x64 platform package.
npm/cli-darwin-arm64/package.json Adds repository metadata for the macOS arm64 platform package.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@stefanosala stefanosala

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stefanosala