chore(*): Publish packages with npm provenance

.changeset/fast-planes-talk.md

@@ -0,0 +1,18 @@
+---
+'gatsby-plugin-clerk': patch
+'@clerk/chrome-extension': patch
+'@clerk/localizations': patch
+'@clerk/clerk-js': patch
+'@clerk/clerk-sdk-node': patch
+'@clerk/backend': patch
+'@clerk/fastify': patch
+'@clerk/nextjs': patch
+'@clerk/shared': patch
+'@clerk/themes': patch
+'@clerk/clerk-react': patch
+'@clerk/remix': patch
+'@clerk/types': patch
+'@clerk/clerk-expo': patch
+---
+
+Publish packages with [npm provenance](https://docs.npmjs.com/generating-provenance-statements) enabled

.github/workflows/release-prod.yml

@@ -15,6 +15,9 @@ jobs:
     name: Release
     if: ${{ github.repository == 'clerkinc/javascript' }}
     runs-on: ${{ vars.RUNNER_LARGE }}
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Echo github context
         run: echo "$GITHUB_CONTEXT"
@@ -38,6 +41,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.CLERK_COOKIE_PAT }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
 
       - name: Trigger workflows on related repos
         if: steps.changesets.outputs.published == 'true'

.github/workflows/release-snapshot.yml

@@ -16,6 +16,9 @@ jobs:
     env:
       TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
       TURBO_TEAM: ${{ vars.TURBO_TEAM }}
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Limit action to Clerk members
         uses: actions/github-script@v6
@@ -62,6 +65,7 @@ jobs:
         run: npm run release:snapshot
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
 
       - name: Package info
         if: steps.version-packages.outputs.success == '1'

.github/workflows/release-staging.yml

@@ -18,6 +18,9 @@ jobs:
       TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
       TURBO_TEAM: ${{ vars.TURBO_TEAM }}
       TURBO_REMOTE_ONLY: true
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3
@@ -34,6 +37,7 @@ jobs:
         run: npm run release:staging
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
 
       - name: Trigger workflows on related repos
         uses: actions/github-script@v6

commitlint.config.js

@@ -17,6 +17,6 @@ module.exports = {
     'subject-case': [2, 'always', ['sentence-case']],
     'body-max-line-length': [1, 'always', '150'],
     'scope-empty': [2, 'never'],
-    'scope-enum': [2, 'always', [...getPackageNames(), 'repo', 'release']],
+    'scope-enum': [2, 'always', [...getPackageNames(), 'repo', 'release', '*']],
   },
 };

package.json

@@ -78,20 +78,20 @@
     "lint:attw": "FORCE_COLOR=1 turbo lint:attw",
     "lint:fix": "FORCE_COLOR=1 turbo lint -- --fix",
     "bundlewatch": "turbo bundlewatch",
-    "format": "npx prettier --write .",
-    "format:check": "npx prettier --cache --check .",
+    "format": "prettier --write .",
+    "format:check": "prettier --cache --check .",
     "nuke": "./scripts/nuke.sh",
     "yalc:all": "for d in packages/*/; do echo $d; cd $d; yalc push --replace --sig; cd '../../'; done",
     "prepare": "husky install",
-    "changeset": "npx changeset",
+    "changeset": "changeset",
     "changeset:empty": "npm run changeset -- --empty",
-    "version": "npx changeset version && ./scripts/version-info.sh",
+    "version": "changeset version && ./scripts/version-info.sh",
     "version:snapshot": "./scripts/snapshot.mjs",
     "version:staging": "./scripts/staging.mjs",
-    "release": "FORCE_COLOR=1 npm run build -- --force && npx changeset publish && git push --follow-tags",
-    "release:snapshot": "FORCE_COLOR=1 npm run build && npx changeset publish --tag snapshot --no-git-tag",
-    "release:staging": "FORCE_COLOR=1 npm run build && npx changeset publish --tag staging --no-git-tag",
-    "release:verdaccio": "if [ \"$(npm config get registry)\" = \"https://registry.npmjs.org/\" ]; then echo 'Error: Using default registry' && exit 1; else TURBO_CONCURRENCY=4 npm run build && npx changeset publish --no-git-tag; fi",
+    "release": "FORCE_COLOR=1 npm run build -- --force && changeset publish && git push --follow-tags",
+    "release:snapshot": "FORCE_COLOR=1 npm run build && changeset publish --tag snapshot --no-git-tag",
+    "release:staging": "FORCE_COLOR=1 npm run build && changeset publish --tag staging --no-git-tag",
+    "release:verdaccio": "if [ \"$(npm config get registry)\" = \"https://registry.npmjs.org/\" ]; then echo 'Error: Using default registry' && exit 1; else TURBO_CONCURRENCY=4 npm run build && changeset publish --no-git-tag; fi",
     "update:lockfile": "npm run nuke && npm install -D --arch=x64 --platform=linux turbo && npm install -D --arch=arm64 --platform=darwin turbo"
   }
 }

packages/backend/package.json

@@ -80,7 +80,8 @@
   "homepage": "https://clerk.com/",
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/backend"
   },
   "bugs": {
     "url": "https://github.com/clerkinc/javascript/issues"

packages/chrome-extension/package.json

@@ -53,7 +53,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/chrome-extension"
   },
   "bugs": {
     "url": "https://github.com/clerkinc/javascript/issues"

packages/clerk-js/package.json

@@ -93,7 +93,8 @@
   "browserslist": "last 2 versions, ios_saf > 12, Safari > 12, > 1%, not dead, not ie > 0",
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/clerk-js"
   },
   "homepage": "https://clerk.com/",
   "bugs": {

packages/expo/package.json

@@ -60,7 +60,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/expo"
   },
   "bugs": {
     "url": "https://github.com/clerkinc/javascript/issues"

packages/fastify/package.json

@@ -50,7 +50,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/fastify"
   },
   "bugs": {
     "url": "https://github.com/clerkinc/javascript/issues"

packages/gatsby-plugin-clerk/package.json

@@ -59,7 +59,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/gatsby-plugin-clerk"
   },
   "bugs": {
     "url": "https://github.com/clerkinc/javascript/issues"

packages/localizations/package.json

@@ -45,7 +45,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/localizations"
   },
   "bugs": {
     "url": "https://github.com/clerkinc/javascript/issues"

packages/nextjs/package.json

@@ -106,7 +106,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/nextjs"
   },
   "bugs": {
     "url": "https://github.com/clerkinc/javascript/issues"

packages/react/package.json

@@ -67,7 +67,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/react"
   },
   "homepage": "https://clerk.com/",
   "bugs": {

packages/remix/package.json

@@ -90,7 +90,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/remix"
   },
   "bugs": {
     "url": "https://github.com/clerkinc/javascript/issues"

packages/sdk-node/package.json

@@ -50,7 +50,7 @@
   "author": {
     "name": "Clerk, Inc.",
     "email": "support@clerk.com",
-    "url": "https://github.com/clerkinc/clerk-sdk-node"
+    "url": "git+https://github.com/clerkinc/javascript.git"
   },
   "devDependencies": {
     "nock": "^13.0.7",
@@ -73,7 +73,8 @@
   "description": "Clerk server SDK for usage with node",
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/sdk-node"
   },
   "keywords": [
     "clerk",

packages/shared/package.json

@@ -54,5 +54,10 @@
   "license": "MIT",
   "publishConfig": {
     "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/shared"
   }
 }

packages/themes/package.json

@@ -42,7 +42,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/themes"
   },
   "bugs": {
     "url": "https://github.com/clerkinc/javascript/issues"

packages/types/package.json

@@ -39,7 +39,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/clerkinc/javascript.git"
+    "url": "git+https://github.com/clerkinc/javascript.git",
+    "directory": "packages/types"
   },
   "homepage": "https://clerk.com/",
   "bugs": {