Skip to content
This repository has been archived by the owner on Jan 10, 2023. It is now read-only.

Update package.json to include the repository key #12

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

msftenhanceprovenance
Copy link

@msftenhanceprovenance msftenhanceprovenance commented Jul 1, 2021

With the rise in supply chain attacks and OSS dependencies being used as a attack vector, Microsoft is working with our ecosystem partners, such as the Linux Foundation's OpenSSF, to enable OSS consumers to track packages back to their public sources.
We've identified that the following packages published to NPM do not report where sources can be found, typically accomplished by including a link to your GitHub repository in your package.json REPOSITORY field. This PR was created to add this value, ensuring future releases will include this provenance information.
Published NPM packages with repository information:

  • plylog

With the rise in supply chain attacks and OSS dependencies being used as a attack vector, Microsoft is working with our ecosystem partners, such as the Linux Foundation's OpenSSF, to enable OSS consumers to track packages back to their public sources.
We've identified that the following packages published to NPM do not report where sources can be found, typically accomplished by including a link to your GitHub repository in your `package.json` REPOSITORY field. This PR was created to add this value, ensuring future releases will include this provenance information.
Published NPM packages with repository information:
	*plylog
@google-cla
Copy link

google-cla bot commented Jul 1, 2021

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.


What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@msftenhanceprovenance
Copy link
Author

@googlebot I signed it!

@msftenhanceprovenance
Copy link
Author

Individual CLA has been signed. Please let me know if there is anything additional needed from me to land this Pull Request.

@msftenhanceprovenance
Copy link
Author

Is there anything that is needed to land this pull request ?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant