From d4b341b5c9b0df5d940c2b86aa17d1ae4906b1f0 Mon Sep 17 00:00:00 2001
From: Corwin Marsh <corwinm@users.noreply.github.com>
Date: Wed, 20 May 2026 11:25:29 -0700
Subject: [PATCH] fix: use npm trusted publishing

---
 .changeset/trusted-publishing-workflow.md | 8 ++++++++
 .github/workflows/release.yml             | 1 -
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/trusted-publishing-workflow.md

diff --git a/.changeset/trusted-publishing-workflow.md b/.changeset/trusted-publishing-workflow.md
new file mode 100644
index 0000000..b1520af
--- /dev/null
+++ b/.changeset/trusted-publishing-workflow.md
@@ -0,0 +1,8 @@
+---
+"@haphazarddev/pi-ask-user-question": patch
+"@haphazarddev/pi-copy-code-block": patch
+"@haphazarddev/pi-interactive-code-review": patch
+"@haphazarddev/pi-vim-quit": patch
+---
+
+Use npm Trusted Publishing in the release workflow.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f03e659..b7f5ce1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -49,7 +49,6 @@ jobs:
           # Use a PAT or GitHub App installation token so release PR pushes trigger
           # normal pull_request/push workflows on changeset-release/* branches.
           GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Published packages summary
         if: steps.changesets.outputs.published == 'true'