On June 18, 2026, I filed postcss/postcss#2096 about OIDC provenance for PostCSS. The ai npm account — one person, Andrey Sitnik — publishes PostCSS, nanoid, Autoprefixer, browserslist, and caniuse-lite. Combined: over 900 million weekly downloads through a single publish credential.
Andrey's first reply was not agreement. It was a correction.
"CI-as-publisher increased the attack risks"
From his comment:
Provenance wouldn't save from all of that supply chain attack. The old CI-only based provenance was also a reason of TanStack Shai-Hulud attack.






