From 69960bf797d5fbdeaf5aadfe27dad4a186574081 Mon Sep 17 00:00:00 2001 From: "cwilton@scottlogic.com" Date: Wed, 16 Oct 2024 14:28:24 +0100 Subject: [PATCH] Updated A Round Of Applause Semantic Release For The Clapper Component --- ...ause-semantic-release-for-the-clapper-component.markdown | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/_drafts/a-round-of-applause-semantic-release-for-the-clapper-component.markdown b/_drafts/a-round-of-applause-semantic-release-for-the-clapper-component.markdown index a897e25275..1ebdcf46b0 100644 --- a/_drafts/a-round-of-applause-semantic-release-for-the-clapper-component.markdown +++ b/_drafts/a-round-of-applause-semantic-release-for-the-clapper-component.markdown 
@@ -71,9 +71,11 @@ However, we do need our package in npm to have the correct version number, so th ### Publish -Here's another lovely thing about semantic-release: contributors have provided a set of [recipes for common release tasks](https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations), including a recipe for [releasing to npm via GitHub Actions](https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations/github-actions#node-project-configuration). While [npm Provenance](https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/) is a relatively new concept, it is gaining traction; packages can gain a provenance badge by providing a verifiable link back to the source code _and_ to the build configuration. GitHub Actions are one of the current verifiable build systems, which is another good reason to use them instead of Travis. +Here's another lovely thing about semantic-release: contributors have provided a set of [recipes for common release tasks](https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations), including a recipe for [releasing to npm via GitHub Actions](https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations/github-actions#node-project-configuration). -The workflow is simple to set up following the above recipe. The only extra config needed for provenance is this section inside `package.json`: +I also wanted to try out releasing with [npm provenance](https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/), a relatively new concept which is gaining traction: packages can gain a provenance badge by providing a verifiable link back to the source code _and_ to the build configuration, to give consumers full knowledge of how your package was built from sources. GitHub Actions are one of the current verifiable build systems, which is another good reason to use them instead of Travis. 
+ +The workflow is simple to set up following the recipe linked above. The only extra config needed for provenance is this section inside `package.json`:
"publishConfig": {
   "provenance": true
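Review bot: the sentence "The only extra config needed for provenance is this section inside `package.json`" holds only if the release job in the workflow is allowed to request an OIDC token (`id-token: write` under `permissions` in GitHub Actions), because npm needs that token to sign the provenance statement. Readers who trim the recipe's permissions block will see the publish step fail, so it is worth naming that permission here instead of leaving it implicit in "following the recipe linked above". In the added paragraph, "to give consumers full knowledge of how your package was built from sources" also overstates what the badge gives: provenance attests which repository, commit and build configuration produced the published package, not that the source or its dependencies are trustworthy. Something like "so consumers can verify where and how the package was built" would be more accurate.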