JavaScript libraries for interacting with Sigstore services.
-
sigstore
- Client library implementing Sigstore signing/verification workflows. -
@sigstore/bundle
- TypeScript types and utility functions for working with Sigstore bundles. -
@sigstore/cli
- Command line interface for signing/verifying artifacts with Sigstore. -
@sigstore/sign
- Library for generating Sigstore signatures. -
@sigstore/tuf
- Library for interacting with the Sigstore TUF repository. -
@sigstore/rekor-types
- TypeScript types for the Sigstore Rekor REST API. -
@sigstore/mock
- Mocking library for Sigstore services.
If you are contributing a user-facing or noteworthy change that should be added to the changelog, you should include a changeset with your PR by running the following command:
npx changeset add
Follow the prompts to specify whether the change is a major, minor or patch change. This will create a file in the .changesets
directory of the repo. This change should be committed and included with your PR.
Whenever a new changeset is merged to the "main" branch, the release
workflow will open a PR (or append to the existing PR if one is already open) with the all of the pending changesets.
Publishing a release simply requires that you approve/merge this PR. This will trigger the publishing of the package to the npm registry and the creation of the GitHub release.
sigstore-js
is licensed under the Apache 2.0 License.
See the contributing docs for details.
Everyone interacting with this project is expected to follow the sigstore Code of Conduct.
Should you discover any security issues, please refer to sigstore's security process.
sigstore-js
is developed as part of the sigstore
project.
We also use a slack channel! Click here for the invite link.