From f6d314d2f7d782d1692a3be82a75f07847b015be Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 30 Jun 2026 17:09:01 +0000 Subject: [PATCH 1/2] Initial plan From 2b8041ebd79f2252d81fdde7d729a4dafe4d6639 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 30 Jun 2026 17:11:38 +0000 Subject: [PATCH 2/2] Use npm trusted publishing in publish-npm workflow job --- .github/workflows/publish.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ff7b7d4..6eb20e2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -39,11 +39,9 @@ jobs: - run: npm version ${TAG_NAME} --git-tag-version=false env: TAG_NAME: ${{ github.event.release.tag_name }} - # Install latest version of npm for publishing with provenance - - run: npm install -g npm - - run: npm whoami; npm --ignore-scripts publish --provenance --access public - env: - NODE_AUTH_TOKEN: ${{secrets.npm_token}} + # npm 11.5.1+ is required for trusted publishing (OIDC) with provenance + - run: npm install -g npm@latest + - run: npm --ignore-scripts publish --provenance --access public publish-github: name: Publish to GitHub Packages runs-on: ubuntu-latest