Surfaced during the estate provenance rollout. bindings/rescript/package.json has:
"repository": { "url": "https://gitlab.com/campaign-for-cooler-coding-and-programming/bunsenite.git" }
"version": "1.0.0" (Cargo is at 1.0.2 — binding is stale)
npm --provenance from a GitHub Action requires the repository to match the building repo (github.com/hyperpolymath/bunsenite), so npm provenance was skipped here (it would fail verification). Cargo .crate provenance was added (#78).
Decision needed: is bunsenite GitHub-primary or GitLab-primary?
- GitHub-primary → point
repository at GitHub + sync the npm version to 1.0.2, then npm --provenance works.
- GitLab-primary → npm provenance must be minted by GitLab CI, not GitHub; leave as-is and document it.
This is an identity call, not a mechanical fix — flagging rather than guessing where the package canonically lives.
Surfaced during the estate provenance rollout.
bindings/rescript/package.jsonhas:npm
--provenancefrom a GitHub Action requires therepositoryto match the building repo (github.com/hyperpolymath/bunsenite), so npm provenance was skipped here (it would fail verification). Cargo.crateprovenance was added (#78).Decision needed: is bunsenite GitHub-primary or GitLab-primary?
repositoryat GitHub + sync the npm version to 1.0.2, then npm--provenanceworks.This is an identity call, not a mechanical fix — flagging rather than guessing where the package canonically lives.