Skip to content

fix: add repository metadata so the npm provenance publish succeeds#6

Merged
souf92i merged 1 commit into
mainfrom
fix/npm-provenance-repository
Jun 18, 2026
Merged

fix: add repository metadata so the npm provenance publish succeeds#6
souf92i merged 1 commit into
mainfrom
fix/npm-provenance-repository

Conversation

@souf92i

@souf92i souf92i commented Jun 18, 2026

Copy link
Copy Markdown
Member

Summary

Fixes the failed Release run after v1.0.0. The release publishes to npm with provenance (publishConfig.provenance: true + NPM_CONFIG_PROVENANCE: 'true' in release.yml), and npm rejects a provenance publish unless package.json has a repository.url matching the GitHub repo. The field was missing, so the first publish failed:

npm error 422 ... Error verifying sigstore provenance bundle:
package.json: "repository.url" is "", expected to match "https://github.com/evertrust/stream-mcp"

This adds repository (plus bugs / homepage). No code changes.

Recovery note

v1.0.0 cut a git tag but nothing was published to npm and no GitHub release was created. Merging this is a fix:, so the next release publishes v1.0.1 as the first real npm version; the unused v1.0.0 tag is left as-is (chosen over deleting a remote tag).

Test plan

  • package.json valid; repository.url resolves to https://github.com/evertrust/stream-mcp
  • prettier clean; commitlint-compliant fix: message
  • After merge: confirm the Release workflow publishes v1.0.1 with a valid provenance attestation

Provenance publish requires package.json repository.url to match the repo.

It was missing, so the v1.0.0 publish failed (E422). Adds repository/bugs/homepage.
@souf92i souf92i merged commit ed46a44 into main Jun 18, 2026
4 checks passed
@souf92i souf92i deleted the fix/npm-provenance-repository branch June 18, 2026 16:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant