On June 18, 2026, I filed postcss/postcss#2096 about OIDC provenance for PostCSS. The ai npm account — one person, Andrey Sitnik — publishes PostCSS, nanoid, Autoprefixer, browserslist, and caniuse-lite. Combined: over 900 million weekly downloads through a single publish credential.

Andrey's first reply was not agreement. It was a correction.

"CI-as-publisher increased the attack risks"

From his comment:

Provenance wouldn't save from all of that supply chain attack. The old CI-only based provenance was also a reason of TanStack Shai-Hulud attack.