update Collaboration.md and dependencies (#4001)

khassel · KristjanESPERANTO · web-flow · commit b847dd7f3fe3 · 2026-01-08T10:14:47.000+01:00
Co-authored-by: Kristjan ESPERANTO &lt;35647502+KristjanESPERANTO@users.noreply.github.com&gt;
diff --git a/Collaboration.md b/Collaboration.md
@@ -46,6 +46,7 @@ Are done by
   - [ ] add label `mastermerge`
   - [ ] title of the PR is `Release 2.xx.0`
   - [ ] description of the PR is the body of the draft release with name `v2.xx.0`
+- [ ] check if new PR has merge conflicts, if so, merge `master` into the new PR and solve the conflicts
 - [ ] after PR tests run without issues, merge PR
 - [ ] edit draft release with name `v2.xx.0`
   - [ ] set corresponding version tag `v2.xx.0` (with `Select tag` and then `Create new tag`)
@@ -61,11 +62,24 @@ Are done by
 
 ### After release
 
-- [ ] publish release notes with link to github release on forum in new locked topic
+- [ ] publish release notes with link to github release on forum in new locked topic (use edit release on github to copy the content with markdown syntax)
 - [ ] close all issues with label `ready (coming with next release)`
 - [ ] release new documentation by merging `develop` on `master` in documentation repository
 - [ ] publish new version on [npm](https://www.npmjs.com/package/magicmirror)
   - [ ] use a clean environment (e.g. container)
   - [ ] clone this repository with the new `master` branch and `cd` into the local repository directory
-  - [ ] log in to npm with `npm login --auth-type legacy` which will ask for username and password and one-time-password which is sent via mail
-  - [ ] execute `npm publish`
+  - [ ] **Method 1 (recommended): With browser and 2FA**
+    - [ ] execute `npm login` which will open a browser window
+    - [ ] log in with your npm credentials and enter your 2FA code
+    - [ ] execute `npm publish`
+  - [ ] **Method 2 (fallback for headless environments): With token (bypasses 2FA)**
+    - [ ] ⚠️ Note: This method bypasses 2FA and should only be used when a browser is not available
+    - [ ] goto `https://www.npmjs.com/settings/<username>/tokens/` and click `generate new token`
+    - [ ] enable `Bypass two-factor authentication (2FA)` and under `Packages and scopes` give `Read and write` permission to the `magicmirror` package, press `Generate token`
+    - [ ] execute:
+
+      ```bash
+      NPM_TOKEN="npm_xxxxxx"
+      npm set "//registry.npmjs.org/:_authToken=$NPM_TOKEN"
+      npm publish
+      ```
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -97,7 +97,7 @@
 		"pm2": "^6.0.14",
 		"socket.io": "^4.8.3",
 		"suncalc": "^1.9.0",
-		"systeminformation": "^5.28.2",
+		"systeminformation": "^5.28.8",
 		"undici": "^7.16.0",
 		"weathericons": "^2.1.0"
 	},
@@ -108,7 +108,7 @@
 		"cspell": "^9.4.0",
 		"eslint-plugin-import-x": "^4.16.1",
 		"eslint-plugin-jsdoc": "^61.5.0",
-		"eslint-plugin-package-json": "^0.85.0",
+		"eslint-plugin-package-json": "^0.87.1",
 		"eslint-plugin-playwright": "^2.4.0",
 		"eslint-plugin-vitest": "^0.5.4",
 		"express-basic-auth": "^1.2.1",
