Contribution
Describe the user story
Please see https://github.blog/changelog/2022-07-26-a-new-npm-audit-signatures-command-to-verify-npm-package-integrity/ I also figured out that running pnpm audit signatures does not return any error but runs a standard audit. The CLI should be more strict.
Describe the solution you'd like
pnpm audit signatures should check the signatures for all packages that have been published with provenance support.
Describe the drawbacks of your solution
None
Describe alternatives you've considered
Use npm.