From 0f30aa22f74b66441aa46cc5cc7d617eb67384ff Mon Sep 17 00:00:00 2001
From: Volodymyr Kolesnykov
Date: Thu, 2 Nov 2023 00:52:52 +0200
Subject: [PATCH 1/2] chore: generate provenance statements
---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 554ff8a12..9bd01ec5e 100644
--- a/package.json
+++ b/package.json
@@ -186,6 +186,7 @@
 }
 },
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 }
 }
From 43d77cb33f06e851e99264bd0297d88d26fce8b3 Mon Sep 17 00:00:00 2001
From: Volodymyr Kolesnykov
Date: Thu, 2 Nov 2023 01:11:41 +0200
Subject: [PATCH 2/2] ci: run signature/provenance check
---
 .github/workflows/ci.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3926ad342..2e32610e2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,6 +42,26 @@ jobs:
 - name: Run ${{ matrix.config.tool }}
 run: npm run '${{ matrix.config.tool }}'

+ audit:
+ name: Verify signatures and provenance statements
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the source code
+ uses: actions/checkout@v3
+
+ - name: Set up Node.js environment
+ uses: actions/setup-node@v3
+ with:
+ node-version: lts/*
+ cache: npm
+ cache-dependency-path: npm-shrinkwrap.json
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Run audit
+ run: npm audit signatures
+
 test:
 name: Run tests
 runs-on: ubuntu-latest
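Review bot: Setting `"provenance": true` under `publishConfig` in package.json makes every `npm publish` of this package attempt to generate a provenance statement, which only works from a supported CI provider that can mint an OIDC token, so the release workflow has to grant that explicitly. The publishing job is not part of this patch; it should be confirmed that it declares `permissions:` with `id-token: write` (next to `contents: read`) and uses an npm version with provenance support (9.5.0 or later). A publish from a maintainer workstation is expected to be refused once this setting is in place. Because package.json cannot carry a comment, that requirement is worth recording in the release documentation.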
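Review bot: In the new `audit` job of .github/workflows/ci.yml, `npm ci` runs with lifecycle scripts enabled before `npm audit signatures` has checked anything, so install scripts from a dependency with a missing or invalid signature execute on the runner ahead of the verification step. This job only needs the installed tree for the audit, so the install step could be `run: npm ci --ignore-scripts`. The job also declares no `permissions:`; unless the workflow sets them at top level outside this hunk, adding `permissions:` with `contents: read` under `audit:` keeps the job token read-only. `actions/checkout@v3` and `actions/setup-node@v3` are mutable tags, and pinning each to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v3`) would fit the purpose of a supply-chain check. Note also that `npm audit signatures` verifies attestations only for packages that publish them, so a passing job does not mean every dependency carries provenance.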