feat: expose provenance transparency url

[JamesHenry]

I was able to add support for provenance in lerna yesterday (now available in v6.6.2) but libnpmpublish currently only emits a log with the transparency log URL, it does not expose it as data for us to use.

This is a particularly a problem for lerna, because we often deal with publishing many packages concurrently. These publish requests are kicked off eagerly in parallel, and so it is currently not possible to reconcile the logs to their originating package.

The presence of this URL data would allow me to easily differentiate between packages which were published with provenance and those which weren't, as well as recreate the log on the lerna side.

For now the best I can do via log interception is gather up the unique URLs and print them at the very end:

I have gone for a rather rudimentary "bolt it on the npmFetch response" approach here, but it would definitely get me what I need. Let me know if you want to rename the property or apply it within some other existing structure on the response in some way.

References

[wraithgar]

I think attaching the metadata to the response object is the cleanest way to get that information back to the consumer. Good choice.

The non-409 retry block needs the same logic.

[JamesHenry]

Thanks @wraithgar, applied that change

[JamesHenry]

@wraithgar Thank you!

[wraithgar]

No, thank you! This'll go out w/ the next cli release (currently scheduled for May 17)