Developers who use GitHub Actions to build software packages for the npm registry can now add a command flag that will publish details about the code’s origin. This feature is intended to further enhance the security of the open source software supply chain, which has become a common target for cyberattacks.
Read full article on The Register