security: update npm registry URLs to HTTPS (TLS 1.2+)

Test User · Test User · commit f94c840b69dc · 2025-11-14T20:11:38.000+02:00
- Update package.json publishConfig to use HTTPS - Update .npmrc registry to use HTTPS - Update GitHub Actions workflow to use HTTPS - Ensures compliance with npm registry TLS 1.2+ requirement - Reference: https://github.blog/security/supply-chain-security/npm-registry-deprecating-tls-1-0-tls-1-1/
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -156,7 +156,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: ${{ env.NODE_VERSION }}
-          registry-url: 'http://registry.npmjs.org'
+          registry-url: 'https://registry.npmjs.org'
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
diff --git a/.npmrc b/.npmrc
@@ -1,7 +1,7 @@
 # npm configuration for DoPlan CLI
 
-# Use public registry
-registry=http://registry.npmjs.org/
+# Use public registry (HTTPS required - TLS 1.2+)
+registry=https://registry.npmjs.org/
 
 # Publish configuration
 # Note: Set NPM_TOKEN in CI/CD for automated publishing
diff --git a/package.json b/package.json
@@ -57,7 +57,7 @@
   ],
   "publishConfig": {
     "access": "public",
-    "registry": "http://registry.npmjs.org/"
+    "registry": "https://registry.npmjs.org/"
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@`
`57`	`57`	`],`
`58`	`58`	`"publishConfig": {`
`59`	`59`	`"access": "public",`
`60`		`- "registry": "http://registry.npmjs.org/"`
	`60`	`+ "registry": "https://registry.npmjs.org/"`
`61`	`61`	`}`
`62`	`62`	`}`
`63`	`63`