How to sign an npm package in a build pipeline?

When installing an npm module I got the message:

This plugin is not digitally signed and its authenticity cannot be verified.

This scares the security guys, so I decided I want to sign the packages I deploy. I found PKSign for local command line use. The npm documentation mentions sign-git-tag, but I'm lost: the package publish documentation doesn't mention signing.

How do I do that when using a CI environment which kicks off on publishing to the master branch?

0 Answers