billywhizz 4 days ago
> When a package in the npm registry has established provenance, it does not guarantee the package has no malicious code. Instead, npm provenance provides a verifiable link to the package's source code and build instructions, which developers can then audit and determine whether to trust it or not
OptionOfT 4 days ago
It prevents an npm publish from locally modified source code.
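A check in the spirit of the quoted docs, added here as an example and not code from the thread, npm or Sigstore: given a downloaded tarball and its provenance statement, it confirms the statement actually covers that tarball, names the expected source repository, and came from a trusted builder. It assumes an SLSA v1 in-toto statement layout with constructed values (repo, commit and builder id are placeholders), and that the signature over the statement has already been verified separately (as npm audit signatures does); it does not and cannot say whether the source itself is benign.

```python
import hashlib

SLSA_V1 = "https://slsa.dev/provenance/v1"

# Constructed sample: a stand-in tarball and a provenance statement whose
# field layout is assumed from SLSA v1 (values are placeholders, not real).
TARBALL = b"constructed tarball bytes for example-pkg 1.0.0"
EXPECTED_REPO = "https://github.com/example-org/example-pkg"
TRUSTED_BUILDERS = {"https://builder.example.invalid/hosted"}  # placeholder
STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "pkg:npm/example-pkg@1.0.0",
                 "digest": {"sha256": hashlib.sha256(TARBALL).hexdigest()}}],
    "predicateType": SLSA_V1,
    "predicate": {
        "buildDefinition": {"resolvedDependencies": [
            {"uri": "git+" + EXPECTED_REPO + "@refs/tags/v1.0.0",
             "digest": {"gitCommit": "0" * 40}}]},  # placeholder commit
        "runDetails": {"builder": {"id": "https://builder.example.invalid/hosted"}},
    },
}


def check_provenance(statement, tarball, expected_repo, trusted_builders):
    """Return a list of problems; an empty list means the provenance links
    this exact tarball to the expected repo via a trusted builder."""
    problems = []
    if statement.get("predicateType") != SLSA_V1:
        problems.append("unexpected predicate type")
    # 1. The attestation must be about the bytes we actually downloaded.
    digest = hashlib.sha256(tarball).hexdigest()
    subjects = statement.get("subject", [])
    if not any(s.get("digest", {}).get("sha256") == digest for s in subjects):
        problems.append("tarball sha256 not among attestation subjects")
    pred = statement.get("predicate", {})
    # 2. The build must have pulled its source from the repo we expect,
    #    pinned to a commit, rather than from an unknown working tree.
    deps = pred.get("buildDefinition", {}).get("resolvedDependencies", [])
    prefix = "git+" + expected_repo + "@"
    if not any(d.get("uri", "").startswith(prefix) and
               d.get("digest", {}).get("gitCommit") for d in deps):
        problems.append("source repo/commit in provenance does not match")
    # 3. Only a hosted builder we trust could have produced this statement.
    builder = pred.get("runDetails", {}).get("builder", {}).get("id", "")
    if builder not in trusted_builders:
        problems.append("untrusted builder id: " + repr(builder))
    return problems
```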