Skip to content

fix: skip npm audit signatures for packages from private registry#39

Merged
jorisjonkers-dev-agents[bot] merged 1 commit into
mainfrom
fix/deploy-artifact-npm-audit
Jul 9, 2026
Merged

fix: skip npm audit signatures for packages from private registry#39
jorisjonkers-dev-agents[bot] merged 1 commit into
mainfrom
fix/deploy-artifact-npm-audit

Conversation

@jorisjonkers-dev-agents

Copy link
Copy Markdown
Contributor

npm audit signatures only supports packages installed from npmjs.com. The deploy-config-schema package is installed from GHPR (npm.pkg.github.com), which causes npm to exit with "found no dependencies to audit that were installed from a supported registry". This is expected behavior, not a signature failure.

The fix treats that specific error message as a non-blocking warning (provenance_verified=false) rather than a hard failure. Any other npm audit error still fails hard.

@jorisjonkers-dev-agents jorisjonkers-dev-agents Bot merged commit 1ead5ca into main Jul 9, 2026
5 checks passed
@jorisjonkers-dev-agents jorisjonkers-dev-agents Bot deleted the fix/deploy-artifact-npm-audit branch July 9, 2026 11:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant