--- title: Verify npm provenance for @bilig/headless published: true description: How to verify the published @bilig/headless package before adopting it in a Node service or agent tool. tags: npm, provenance, typescript, security, node canonical_url: https://proompteng.github.io/bilig/npm-provenance-package-trust.html cover_image: https://raw.githubusercontent.com/proompteng/bilig/main/docs/assets/github-social-preview.png image: /assets/github-social-preview.png --- # Verify npm Provenance For `@bilig/headless` Production adoption starts before the first import. For a service runtime or agent tool, the package needs to be traceable to source, release CI, and a specific GitHub commit. `@bilig/headless` is published with npm registry signatures and SLSA provenance attestations. npm reports this for the latest published package: ```sh npm view @bilig/headless@latest version dist.attestations dist.signatures --json ``` The important signal is that `dist.attestations.provenance.predicateType` is `https://slsa.dev/provenance/v1` and that `dist.signatures` is non-empty. ## Verify After Install From a clean project: ```sh mkdir bilig-package-trust cd bilig-package-trust npm init -y npm install @bilig/headless npm audit signatures ``` Expected result for the current dependency tree: ```text audited 31 packages in 0s 31 packages have verified registry signatures 10 packages have verified attestations ``` Use this as a package-integrity check, not as an application-security claim. You still need workflow fixtures, rollback, and formula compatibility gates for your own WorkPaper-backed service. ## Release Path Runtime packages are released by `.github/workflows/headless-package.yml`. The workflow: - verifies the runtime package chain; - checks publishable package metadata with `pnpm publish:runtime:check`; - requires Forgejo and GitHub `main` to agree before publishing; - uses `id-token: write` for GitHub Actions OIDC; - publishes through `scripts/publish-runtime-package-set.ts` with `npm publish ... --provenance`. npm documents trusted publishing as an OIDC flow that avoids long-lived npm tokens and can automatically generate provenance for public packages published from public repositories: - - OpenSSF Scorecard is another useful consumer-side signal for evaluating dependency risk: - This repository runs the official OpenSSF Scorecard action on every `main` update and on a weekly schedule. Results are published to the public Scorecard API, exposed through the README badge, and uploaded as SARIF to GitHub code scanning so dependency evaluators can inspect repository posture separately from npm package provenance. The GitHub trust surface also includes CodeQL analysis for the JavaScript/TypeScript codebase and Dependabot version updates for npm, GitHub Actions, and the root Dockerfile. Those checks do not replace package provenance, but they make vulnerability discovery and dependency drift visible before a production adopter has to ask for it. ## What This Does Not Prove Package provenance does not prove that a workbook workflow is correct, complete, or safe for every production domain. Before adopting `@bilig/headless` for customer-critical work, also run: - the [90-second npm eval](try-bilig-headless-in-node.md); - the [quote approval WorkPaper API proof](quote-approval-workpaper-api.md); - the [production adoption checklist](production-adoption-checklist-headless-workpaper.md); - the [compatibility limits](where-bilig-is-not-excel-compatible-yet.md). The package-trust question is: "Did this package come from the expected source and release path?" The production-readiness question is: "Does this exact workflow have fixtures, rollback, and compatibility evidence?"