feat: enable npm Trusted Publishers #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

nicknisi merged 1 commit into main from nicknisi/trusted-publisher

Dec 19, 2025

Member

nicknisi commented Dec 19, 2025

Enables npm Trusted Publishers for secure publishing without manual token management.

Changes:

Update Node version to 24 (required for npm 11+)
Add id-token: write permission for OIDC authentication
Add --provenance flag to publish commands
Remove NODE_AUTH_TOKEN environment variable (no longer needed)

Benefits:

More secure authentication using OIDC
Cryptographic provenance for published packages
No need to manage NPM_TOKEN secrets


          feat: use Node 24 for npm 11+ (required by Trusted Publishers)

d033b03

gcarvelli approved these changes

View reviewed changes

nicknisi merged commit 892e966 into main

4 checks passed

nicknisi deleted the nicknisi/trusted-publisher branch

December 19, 2025 16:37

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet