sigstore-js
JavaScript libraries for interacting with Sigstore services.
Packages
- sigstore - Client library implementing Sigstore signing/verification workflows.
- @sigstore/bundle - TypeScript types and utility functions for working with Sigstore bundles.
- @sigstore/cli - Command line interface for signing/verifying artifacts with Sigstore.
- @sigstore/sign - Library for generating Sigstore signatures.
- @sigstore/tuf - Library for interacting with the Sigstore TUF repository.
- @sigstore/rekor-types - TypeScript types for the Sigstore Rekor REST API.
- @sigstore/mock - Mocking library for Sigstore services.
Development
Changesets
If you are contributing a user-facing or noteworthy change that should be added to the changelog, you should include a changeset with your PR by running the following command:
npx changeset add
Follow the prompts to specify whether the change is a major, minor or patch change. This will create a file in the .changesets directory of the repo. This change should be committed and included with your PR.
Release Steps
Whenever a new changeset is merged to the "main" branch, the release workflow will open a PR (or append to the existing PR if one is already open) with all of the pending changesets.
Publishing a release simply requires that you approve/merge this PR. This will trigger the publishing of the package to the npm registry and the creation of the GitHub release.
Licensing
sigstore-js is licensed under the Apache 2.0 License.
Contributing
See the contributing docs for details.
Code of Conduct
Everyone interacting with this project is expected to follow the sigstore Code of Conduct.
Security
Should you discover any security issues, please refer to sigstore's security process.
Info
sigstore-js is developed as part of the sigstore project.
We also use a Slack channel! Click here for the invite link.