{"id":14483610,"url":"https://github.com/sigstore/sigstore-js","last_synced_at":"2025-05-14T08:08:22.650Z","repository":{"id":50322793,"uuid":"495574555","full_name":"sigstore/sigstore-js","owner":"sigstore","description":"Code-signing for npm packages","archived":false,"fork":false,"pushed_at":"2025-05-05T15:59:40.000Z","size":6990,"stargazers_count":162,"open_issues_count":6,"forks_count":28,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-05-12T07:45:08.567Z","etag":null,"topics":["codesigning","javascript","node","security","supply-chain"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sigstore.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-05-23T21:10:15.000Z","updated_at":"2025-05-05T15:38:02.000Z","dependencies_parsed_at":"2023-10-14T19:49:20.864Z","dependency_job_id":"f7fa69bf-a7f7-493b-a1e4-2a2abb292a5e","html_url":"https://github.com/sigstore/sigstore-js","commit_stats":{"total_commits":1082,"total_committers":16,"mean_commits":67.625,"dds":"0.42698706099815154","last_synced_commit":"8c5961aa12e2dedf58a58095883ec7ce77237098"},"previous_names":[],"tags_count":139,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore-js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore-js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore-js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore-js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sigstore","download_url":"https://codeload.github.com/sigstore/sigstore-js/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254101558,"owners_count":22014908,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["codesigning","javascript","node","security","supply-chain"],"created_at":"2024-09-03T00:01:54.424Z","updated_at":"2025-05-14T08:08:22.604Z","avatar_url":"https://github.com/sigstore.png","language":"TypeScript","readme":"# sigstore-js \u0026middot; [![CI Status](https://github.com/sigstore/sigstore-js/workflows/CI/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/ci.yml) [![Smoke test](https://github.com/sigstore/sigstore-js/actions/workflows/smoke-test.yml/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/smoke-test.yml)\n\nJavaScript libraries for interacting with [Sigstore][6] services.\n\n## Packages\n\n* [`sigstore`](./packages/client) - Client library implementing Sigstore signing/verification workflows.\n* [`@sigstore/bundle`](./packages/bundle) - TypeScript types and utility functions for working with Sigstore bundles.\n* [`@sigstore/cli`](./packages/cli) - Command line interface for signing/verifying artifacts with Sigstore.\n* [`@sigstore/sign`](./packages/sign) - Library for generating Sigstore signatures.\n* [`@sigstore/tuf`](./packages/tuf) - Library for interacting with the Sigstore TUF repository.\n* [`@sigstore/rekor-types`](./packages/rekor-types) - TypeScript types for the Sigstore Rekor REST API.\n* [`@sigstore/mock`](./packages/mock) - Mocking library for Sigstore services.\n\n## Development\n\n### Changesets\nIf you are contributing a user-facing or noteworthy change that should be added to the changelog, you should include a changeset with your PR by running the following command:\n\n```console\nnpx changeset add\n```\n\nFollow the prompts to specify whether the change is a major, minor or patch change. This will create a file in the `.changesets` directory of the repo. This change should be committed and included with your PR.\n\n### Release Steps\n\nWhenever a new changeset is merged to the \"main\" branch, the `release` workflow will open a PR (or append to the existing PR if one is already open) with the all of the pending changesets.\n\nPublishing a release simply requires that you approve/merge this PR. This will trigger the publishing of the package to the npm registry and the creation of the GitHub release.\n\n## Licensing\n\n`sigstore-js` is licensed under the Apache 2.0 License.\n\n## Contributing\n\nSee [the contributing docs][7] for details.\n\n## Code of Conduct\nEveryone interacting with this project is expected to follow the [sigstore Code of Conduct][8].\n\n## Security\n\nShould you discover any security issues, please refer to sigstore's [security process][9].\n\n## Info\n\n`sigstore-js` is developed as part of the [`sigstore`][6] project.\n\nWe also use a [slack channel][10]! Click [here][11] for the invite link.\n\n\n[6]: https://sigstore.dev\n[7]: https://github.com/sigstore/.github/blob/main/CONTRIBUTING.md\n[8]: https://github.com/sigstore/.github/blob/main/CODE_OF_CONDUCT.md\n[9]: https://github.com/sigstore/.github/blob/main/SECURITY.md\n[10]: https://sigstore.slack.com\n[11]: https://join.slack.com/t/sigstore/shared_invite/zt-mhs55zh0-XmY3bcfWn4XEyMqUUutbUQ\n","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigstore%2Fsigstore-js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsigstore%2Fsigstore-js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigstore%2Fsigstore-js/lists"}