Is it just me, or is #npm's trusted publishing unnecessarily rigid?
Uncategorized
3
Posts
2
Posters
0
Views
-
Is it just me, or is #npm's trusted publishing unnecessarily rigid? Only one workflow filename allowed per package. It's like they never imagined a project having multiple release branches or evolving CI structures. Moving from build.yaml to publish.yaml shouldn't be this annoying. 😩
-
@hongminhee It's just early days I think. Another limitation is that it is tied to GitHub/GitLab.
-
@hongminhee It's just early days I think. Another limitation is that it is tied to GitHub/GitLab.
@bart@floss.social Spot on. The vendor lock-in is exactly what's holding me back from moving to Codeberg. It's frustrating that standard security features like OIDC publishing are becoming a golden cage that keeps us tied to big platforms. I'd love to see npm support OIDC from Forgejo/Gitea, but it feels like we're still a long way from a truly forge-agnostic ecosystem. 2FA tokens for life, I guess? 🥲
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@jcrabapple @stefan @_elena thank you!!!
-
@stefan @_elena what a nice coincidence! Happy birthday, @stefan - they say that this is a great day to have a birthday! 🙂
-
Oggi per vari motivi ho ripescato un mio vecchio diverissement di 10+ anni fa.
https://wok.oblomov.eu/ordet/smalltown-boy-george-michael/
e mi piacerebbe rivisitarlo, ma continuo a non avere idee su come allungare la catena. Il Fediverso ha qualche suggerimento?
-
@enverdemichelis l'unica chiesa in cui il prete è anche il portiere dello stabile @SmilaBlomma @cgbencini @ChieseBrutte
-
The luminous orange of a squirrel in the rain.
-
Pronta @SmilaBlomma?@cgbencini @ChieseBrutte
-
@stefano Happy birthday Stefano, enjoy
-
Palermo, bambino di 11 anni violentato dai compagni di scuola: ipotesi bullismo
https://www.gay.it/palermo-bambino-di-11-anni-violentato-dai-compagni-di-scuola-ipotesi-bullismo
> Una storia sconvolgente nell'Italia che vieta l'educazione sessuale a scuola.
