Created by: msftenhanceprovenance
With the rise in supply chain attacks and OSS dependencies being used as a attack vector, Microsoft is working with our ecosystem partners, such as the Linux Foundation's OpenSSF, to enable OSS consumers to track packages back to their public sources.
We've identified that the following packages published to NPM do not report where sources can be found, typically accomplished by including a link to your GitHub repository in your package.json
REPOSITORY field. This PR was created to add this value, ensuring future releases will include this provenance information.
Published NPM packages with repository information:
*react-error-overlay
Activity
Created by: facebook-github-bot
Hi @msftenhanceprovenance!
Thank you for your pull request and welcome to our community.
Action Required
In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.
Process
In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.
Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with
CLA signed
. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks!
Created by: msftenhanceprovenance
This is a Monorepo and the repository key is already present in https://github.com/facebook/create-react-app/blob/master/packages/react-error-overlay/package.json.