ci: migrate to npm trusted publishing with OIDC

solidsnakedev · solidsnakedev · commit 0a2e8633f6d7 · 2025-12-10T18:28:20.000-07:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -34,6 +34,9 @@ jobs:
           cache: 'pnpm'
           registry-url: 'https://registry.npmjs.org/'
 
+      - name: 📦 Update npm to latest (required for trusted publishing)
+        run: npm install -g npm@latest
+
       - name: 📦 Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -55,4 +58,4 @@ jobs:
           createGithubReleases: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
