Are we attested yet? 🔏

A tracking site for npm package attestations, showing which of the top 500 most-downloaded npm packages have SLSA provenance statements.

What are attestations?

Attestations are cryptographically signed, publicly verifiable statements about npm packages that prove:

Where the package was built (source repository)
How it was built (CI/CD environment)
When it was published

They use Sigstore for keyless signing and are automatically generated when publishing from supported CI/CD platforms with trusted publishers or the --provenance flag.

Inspired by

Are we PEP 740 yet? - Python attestation tracking
Python Wheels - Package adoption tracking

License

This project is licensed under the MIT License - see the LICENSE file for details.

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
.github		.github
src		src
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
biome.json		biome.json
index.html		index.html
package.json		package.json
pnpm-lock.yaml		pnpm-lock.yaml
server.js		server.js
styles.css		styles.css
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Are we attested yet? 🔏

What are attestations?

Inspired by

License

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

License

JamieMagee/are-we-attested-yet

Folders and files

Latest commit

History

Repository files navigation

Are we attested yet? 🔏

What are attestations?

Inspired by

License

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages