fix npm publish

Author: ar2rsawseen

.github/workflows/release.yml

@@ -68,7 +68,11 @@ jobs:
     needs: test-and-build
     name: Publish to npm
     if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.publish-npm)
-    
+
+    permissions:
+      contents: read
+      id-token: write   # Required for npm OIDC publish
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
@@ -78,7 +82,6 @@ jobs:
         with:
           node-version: '20.x'
           registry-url: 'https://registry.npmjs.org/'
-          cache: 'npm'
 
       - name: Install dependencies
         run: npm ci
@@ -93,10 +96,8 @@ jobs:
         if: github.event_name == 'workflow_dispatch'
         run: npm version ${{ inputs.version }} --no-git-tag-version
 
-      - name: Publish to npm
+      - name: Publish to npm (via OIDC trusted publisher)
         run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
   publish-docker:
     runs-on: ubuntu-latest