Move @babel/cli to dev dependencies #7
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Installing this package should not pull in the Babel CLI as a dependency.
ibrahimcesar
pushed a commit
that referenced
this pull request
Nov 15, 2025
Implements comprehensive SLSA (Supply chain Levels for Software Artifacts) provenance generation to provide cryptographic verification of build integrity and origin. Changes: - Add comprehensive SLSA documentation (.github/SLSA.md) - Explains what SLSA is and why it matters - Provides verification instructions for users - Documents troubleshooting steps - Lists security benefits and limitations - Update auto-release.yml workflow - Add id-token and attestations write permissions - Generate build attestation using actions/attest-build-provenance@v2 - Add --provenance flag to NPM publish commands - Add --provenance flag to GitHub Packages publish - Update release.yml workflow - Add SLSA permissions to test and publish jobs - Generate build attestation after build step - Add --provenance flag to NPM publish commands - Add --provenance flag to GitHub Packages publish - Update CLAUDE.md documentation - Add PR #7 section documenting SLSA implementation - Update summary statistics - Mark SLSA as completed in recommendations Benefits: ✅ SLSA Build Level 3 certification ✅ Cryptographically signed build provenance ✅ Verifiable proof of build origin ✅ Protection against supply chain attacks ✅ NPM registry verification support ✅ GitHub attestations for all releases Users can now verify packages with: npm audit signatures Closes #[issue-number-if-any]
ibrahimcesar
added a commit
that referenced
this pull request
Nov 15, 2025
Implements comprehensive SLSA (Supply chain Levels for Software Artifacts) provenance generation to provide cryptographic verification of build integrity and origin. Changes: - Add comprehensive SLSA documentation (.github/SLSA.md) - Explains what SLSA is and why it matters - Provides verification instructions for users - Documents troubleshooting steps - Lists security benefits and limitations - Update auto-release.yml workflow - Add id-token and attestations write permissions - Generate build attestation using actions/attest-build-provenance@v2 - Add --provenance flag to NPM publish commands - Add --provenance flag to GitHub Packages publish - Update release.yml workflow - Add SLSA permissions to test and publish jobs - Generate build attestation after build step - Add --provenance flag to NPM publish commands - Add --provenance flag to GitHub Packages publish - Update CLAUDE.md documentation - Add PR #7 section documenting SLSA implementation - Update summary statistics - Mark SLSA as completed in recommendations Benefits: ✅ SLSA Build Level 3 certification ✅ Cryptographically signed build provenance ✅ Verifiable proof of build origin ✅ Protection against supply chain attacks ✅ NPM registry verification support ✅ GitHub attestations for all releases Users can now verify packages with: npm audit signatures Closes #[issue-number-if-any] Co-authored-by: Claude <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Installing this package should not pull in the Babel CLI as a dependency.