From 712370899fca3763b82e02d6aee57fce384d9df7 Mon Sep 17 00:00:00 2001
From: Kilian Finger <hey@kilianfinger.com>
Date: Sat, 5 Oct 2024 18:27:03 +0200
Subject: [PATCH] feat: release with npm provenance

---
 .github/workflows/release.yml | 7 +++++++
 package.json                  | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 50736ef..bfd290b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -41,9 +41,16 @@ jobs:
     name: Release
     needs: [lint, test, example-build]
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/setup
+      - name: Audit Signatures
+        run: npm audit signatures
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/package.json b/package.json
index 4327b12..45560a6 100644
--- a/package.json
+++ b/package.json
@@ -39,6 +39,9 @@
     "index.d.ts",
     "src"
   ],
+  "publishConfig": {
+    "provenance": true
+  },
   "scripts": {
     "semantic-release": "semantic-release",
     "test": "ava test/**/*.test.js",