From 826a3e5ee9568d4ad54c522f680fe48821e70f53 Mon Sep 17 00:00:00 2001
From: Jack Ye <yezhaoqin@gmail.com>
Date: Sun, 8 Feb 2026 22:04:32 -0800
Subject: [PATCH] ci(nodejs): add repository field to package.json for npm
 provenance (#3003)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Summary

- Added `repository` field to all nodejs package.json files (main
package + 7 platform-specific packages)
- This fixes the npm publish E422 error where sigstore provenance
verification fails because the repository.url was empty

## Root Cause

Failing CI:
https://github.com/lancedb/lancedb/actions/runs/21770794768/job/62821570260

npm's sigstore provenance verification requires the `repository.url`
field in package.json to match the GitHub repository URL from the
provenance bundle. The platform-specific packages
(`@lancedb/lancedb-darwin-arm64`, etc.) were missing this field
entirely, causing the publish to fail with:

```
npm error 422 Unprocessable Entity - Error verifying sigstore provenance bundle:
Failed to validate repository information: package.json: "repository.url" is "",
expected to match "https://github.com/lancedb/lancedb" from provenance
```

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
---
 nodejs/npm/darwin-arm64/package.json     | 4 ++++
 nodejs/npm/linux-arm64-gnu/package.json  | 6 +++++-
 nodejs/npm/linux-arm64-musl/package.json | 6 +++++-
 nodejs/npm/linux-x64-gnu/package.json    | 6 +++++-
 nodejs/npm/linux-x64-musl/package.json   | 6 +++++-
 nodejs/npm/win32-arm64-msvc/package.json | 4 ++++
 nodejs/npm/win32-x64-msvc/package.json   | 4 ++++
 nodejs/package.json                      | 4 ++++
 8 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/nodejs/npm/darwin-arm64/package.json b/nodejs/npm/darwin-arm64/package.json
index 27d732503..01254df2d 100644
--- a/nodejs/npm/darwin-arm64/package.json
+++ b/nodejs/npm/darwin-arm64/package.json
@@ -8,5 +8,9 @@
 	"license": "Apache-2.0",
 	"engines": {
 		"node": ">= 18"
+	},
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/lancedb/lancedb"
 	}
 }
diff --git a/nodejs/npm/linux-arm64-gnu/package.json b/nodejs/npm/linux-arm64-gnu/package.json
index a241285c4..3b2237ac5 100644
--- a/nodejs/npm/linux-arm64-gnu/package.json
+++ b/nodejs/npm/linux-arm64-gnu/package.json
@@ -9,5 +9,9 @@
 	"engines": {
 		"node": ">= 18"
 	},
-	"libc": ["glibc"]
+	"libc": ["glibc"],
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/lancedb/lancedb"
+	}
 }
diff --git a/nodejs/npm/linux-arm64-musl/package.json b/nodejs/npm/linux-arm64-musl/package.json
index fcf2157a8..0161a29ed 100644
--- a/nodejs/npm/linux-arm64-musl/package.json
+++ b/nodejs/npm/linux-arm64-musl/package.json
@@ -9,5 +9,9 @@
 	"engines": {
 		"node": ">= 18"
 	},
-	"libc": ["musl"]
+	"libc": ["musl"],
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/lancedb/lancedb"
+	}
 }
diff --git a/nodejs/npm/linux-x64-gnu/package.json b/nodejs/npm/linux-x64-gnu/package.json
index daea9150a..dae79bf82 100644
--- a/nodejs/npm/linux-x64-gnu/package.json
+++ b/nodejs/npm/linux-x64-gnu/package.json
@@ -9,5 +9,9 @@
 	"engines": {
 		"node": ">= 18"
 	},
-	"libc": ["glibc"]
+	"libc": ["glibc"],
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/lancedb/lancedb"
+	}
 }
diff --git a/nodejs/npm/linux-x64-musl/package.json b/nodejs/npm/linux-x64-musl/package.json
index d7a6dc111..17942363f 100644
--- a/nodejs/npm/linux-x64-musl/package.json
+++ b/nodejs/npm/linux-x64-musl/package.json
@@ -9,5 +9,9 @@
 	"engines": {
 		"node": ">= 18"
 	},
-	"libc": ["musl"]
+	"libc": ["musl"],
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/lancedb/lancedb"
+	}
 }
diff --git a/nodejs/npm/win32-arm64-msvc/package.json b/nodejs/npm/win32-arm64-msvc/package.json
index 58130303e..150d95a96 100644
--- a/nodejs/npm/win32-arm64-msvc/package.json
+++ b/nodejs/npm/win32-arm64-msvc/package.json
@@ -14,5 +14,9 @@
   "license": "Apache-2.0",
   "engines": {
     "node": ">= 18"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/lancedb/lancedb"
   }
 }
diff --git a/nodejs/npm/win32-x64-msvc/package.json b/nodejs/npm/win32-x64-msvc/package.json
index 481163ba4..1483a6064 100644
--- a/nodejs/npm/win32-x64-msvc/package.json
+++ b/nodejs/npm/win32-x64-msvc/package.json
@@ -8,5 +8,9 @@
 	"license": "Apache-2.0",
 	"engines": {
 		"node": ">= 18"
+	},
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/lancedb/lancedb"
 	}
 }
diff --git a/nodejs/package.json b/nodejs/package.json
index 52e9832f6..b14da5cf6 100644
--- a/nodejs/package.json
+++ b/nodejs/package.json
@@ -36,6 +36,10 @@
     }
   },
   "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/lancedb/lancedb"
+  },
   "devDependencies": {
     "@aws-sdk/client-dynamodb": "^3.33.0",
     "@aws-sdk/client-kms": "^3.33.0",