Introducing npm package provenance

How to verifiably link npm packages to their source repository and build instructions.

Starting today, when you build your npm projects on GitHub Actions, you can publish provenance alongside your package by including the --provenance flag. This provenance data gives consumers a verifiable way to link a package back to its source repository and
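A GitHub Actions workflow for the publish step described above, as an added example that is not part of the original post. The file name, release trigger, Node version and the `NPM_TOKEN` secret name are assumptions; `id-token: write` is the permission that lets the job request the OIDC token used when the provenance statement is signed.

```yaml
# Added example: assumed to live at .github/workflows/publish.yml
name: Publish package with provenance

on:
  release:
    types: [published]        # assumed trigger: publish when a release is cut

# Least privilege for the whole workflow: read the source, and allow the
# job to request an OIDC identity token. Without id-token: write,
# npm publish --provenance cannot obtain the token and the publish fails.
permissions:
  contents: read
  id-token: write

jobs:
  publish:
    runs-on: ubuntu-latest    # GitHub-hosted runner
    steps:
      # Tags are used here for brevity; pinning each action to a full
      # commit SHA is the stricter supply-chain choice.
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20    # assumed version; ships an npm that knows --provenance
          registry-url: https://registry.npmjs.org
      # Install exactly what package-lock.json records before publishing.
      - run: npm ci
      # --provenance attaches the signed link between this package version,
      # the source repository and the workflow run that built it.
      # --access public is only needed for a scoped package's first publish.
      - run: npm publish --provenance --access public
        env:
          # NPM_TOKEN is an assumed repository secret holding an npm publish token.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```

Consumers can then run `npm audit signatures` in a project that depends on the package to check the registry signatures and provenance attestations of installed versions.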