From 161a92474a7bb2e9e830e48e76426f38299d99d1 Mon Sep 17 00:00:00 2001 From: Microsoft Provenance Contributions Date: Tue, 17 Aug 2021 11:20:56 -0700 Subject: [PATCH] Update package.json to include the repository key (#31) With the rise in supply chain attacks and OSS dependencies being used as a attack vector, Microsoft is working with our ecosystem partners, such as the Linux Foundation's OpenSSF, to enable OSS consumers to track packages back to their public sources. We've identified that the following packages published to NPM do not report where sources can be found, typically accomplished by including a link to your GitHub repository in your `package.json` REPOSITORY field. This PR was created to add this value, ensuring future releases will include this provenance information. Published NPM packages with repository information: * tree-sitter-html --- package.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package.json b/package.json index 3c55bb6..6f5dd28 100644 --- a/package.json +++ b/package.json @@ -7,6 +7,10 @@ "parser", "lexer" ], + "repository": { + "type": "git", + "url": "https://github.com/tree-sitter/tree-sitter-html.git" + }, "authors": [ "Max Brunsfeld ", "Ashi Krishnan "