From c9a1c0495e6d5a8d5e9d069d2d1ec87592bb4dbc Mon Sep 17 00:00:00 2001
From: James Kebinger <james.kebinger@prefab.cloud>
Date: Fri, 14 Nov 2025 14:24:19 -0600
Subject: [PATCH] chore: remove NPM_TOKEN from release workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Switch to npm trusted publishing (OIDC) authentication only.
The workflow already has the required permissions (id-token: write)
and uses --provenance flag, so the NPM_TOKEN secret is no longer needed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/release.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e415ae1..201105a 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -53,8 +53,6 @@ jobs:
       id-token: write
     outputs:
       published-version: ${{ needs.check-version.outputs.current-version }}
-    env:
-      NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
     steps:
       - uses: actions/checkout@v4
       # Setup .npmrc file to publish to npm