Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add resolved field with url to a downloaded artifact to the lockfile #995

Open
iamstarkov opened this issue Nov 28, 2024 · 3 comments
Open

add resolved field with url to a downloaded artifact to the lockfile #995

iamstarkov opened this issue Nov 28, 2024 · 3 comments

Comments

@iamstarkov
Copy link

Npm has it and its pretty nice and nifty feature
here an example value of the field https://github.com/npm/cli/blob/latest/package-lock.json#L211
@monperrus
Copy link
Contributor

thanks for your suggestion.

that's interesting. is that for sake of traceability and provenance? or some other use case?

@monperrus
Copy link
Contributor

plus this would allow tracing the actual registry used in multi-registry scenarios.

we're looking into this.

@monperrus monperrus changed the title should resolved field with url to a downloaded artifact be included in the lockfile? add resolved field with url to a downloaded artifact to the lockfile Jan 9, 2025
@iamstarkov
Copy link
Author

It's a provenance thing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iamstarkov @monperrus