From 456bd64195714e38096dfa10a5752c7841339d32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gautier=20Ben=20A=C3=AFm?= Date: Mon, 15 Dec 2025 17:17:12 +0100 Subject: [PATCH 1/3] feat(npm): automatically enable provenance when conditions are met --- packages/plugin-npm-cli/sources/commands/npm/publish.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/plugin-npm-cli/sources/commands/npm/publish.ts b/packages/plugin-npm-cli/sources/commands/npm/publish.ts index 04bc719d1dc..6ece332946e 100644 --- a/packages/plugin-npm-cli/sources/commands/npm/publish.ts +++ b/packages/plugin-npm-cli/sources/commands/npm/publish.ts @@ -140,6 +140,9 @@ export default class NpmPublishCommand extends BaseCommand { } else if (configuration.get(`npmPublishProvenance`)) { provenance = true; provenanceMessage = `Generating provenance statement because \`npmPublishProvenance\` setting is set.`; + } else if (process.env.CI && (process.env.GITHUB_ACTIONS && process.env.ACTIONS_ID_TOKEN_REQUEST_URL || process.env.GITLAB && process.env.SIGSTORE_ID_TOKEN)) { + provenance = true; + provenanceMessage = `Generating provenance statement because running in a trusted CI environment. Set \`npmPublishProvenance\` to false to disable provenance.`; } if (provenanceMessage) { From b8bed916a339cc1d97c6c5ca52fb08029ade54e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gautier=20Ben=20A=C3=AFm?= Date: Mon, 15 Dec 2025 17:21:33 +0100 Subject: [PATCH 2/3] Create 5f0ffe17.yml --- .yarn/versions/5f0ffe17.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .yarn/versions/5f0ffe17.yml diff --git a/.yarn/versions/5f0ffe17.yml b/.yarn/versions/5f0ffe17.yml new file mode 100644 index 00000000000..2fe7e0747e2 --- /dev/null +++ b/.yarn/versions/5f0ffe17.yml @@ -0,0 +1,36 @@ +releases: + "@yarnpkg/cli": patch + "@yarnpkg/core": patch + "@yarnpkg/plugin-npm": minor + "@yarnpkg/plugin-npm-cli": minor + +declined: + - "@yarnpkg/plugin-catalog" + - "@yarnpkg/plugin-compat" + - "@yarnpkg/plugin-constraints" + - "@yarnpkg/plugin-dlx" + - "@yarnpkg/plugin-essentials" + - "@yarnpkg/plugin-exec" + - "@yarnpkg/plugin-file" + - "@yarnpkg/plugin-git" + - "@yarnpkg/plugin-github" + - "@yarnpkg/plugin-http" + - "@yarnpkg/plugin-init" + - "@yarnpkg/plugin-interactive-tools" + - "@yarnpkg/plugin-jsr" + - "@yarnpkg/plugin-link" + - "@yarnpkg/plugin-nm" + - "@yarnpkg/plugin-pack" + - "@yarnpkg/plugin-patch" + - "@yarnpkg/plugin-pnp" + - "@yarnpkg/plugin-pnpm" + - "@yarnpkg/plugin-stage" + - "@yarnpkg/plugin-typescript" + - "@yarnpkg/plugin-version" + - "@yarnpkg/plugin-workspace-tools" + - "@yarnpkg/builder" + - "@yarnpkg/doctor" + - "@yarnpkg/extensions" + - "@yarnpkg/nm" + - "@yarnpkg/pnpify" + - "@yarnpkg/sdks" From 2d8134cb9de499a3d9919dba5a2ed180706ef358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gautier=20Ben=20A=C3=AFm?= Date: Mon, 15 Dec 2025 17:25:00 +0100 Subject: [PATCH 3/3] Update publish.ts --- packages/plugin-npm-cli/sources/commands/npm/publish.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/plugin-npm-cli/sources/commands/npm/publish.ts b/packages/plugin-npm-cli/sources/commands/npm/publish.ts index 6ece332946e..1a6e90e21a1 100644 --- a/packages/plugin-npm-cli/sources/commands/npm/publish.ts +++ b/packages/plugin-npm-cli/sources/commands/npm/publish.ts @@ -140,7 +140,7 @@ export default class NpmPublishCommand extends BaseCommand { } else if (configuration.get(`npmPublishProvenance`)) { provenance = true; provenanceMessage = `Generating provenance statement because \`npmPublishProvenance\` setting is set.`; - } else if (process.env.CI && (process.env.GITHUB_ACTIONS && process.env.ACTIONS_ID_TOKEN_REQUEST_URL || process.env.GITLAB && process.env.SIGSTORE_ID_TOKEN)) { + } else if (process.env.CI && (process.env.GITHUB_ACTIONS && process.env.ACTIONS_ID_TOKEN_REQUEST_URL || process.env.GITLAB_CI && process.env.SIGSTORE_ID_TOKEN)) { provenance = true; provenanceMessage = `Generating provenance statement because running in a trusted CI environment. Set \`npmPublishProvenance\` to false to disable provenance.`; }