[SCR-85] Added Trusted Publisher Configuration#19
Merged
sahilsunny merged 2 commits intomasterfrom Dec 8, 2025
Merged
Conversation
sahilsunny
changed the title
kirby81
requested changes
Dec 8, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Security Update: npm classic token creation is now disabled. Existing classic tokens will be revoked on December 9, 2025. Migrate to trusted publishing or granular access tokens to avoid disruption. Learn more.
Solution
We have deleted all of the existing Publish and Automation tokens from npm. Publish tokens are safe to delete. Since, our automation token was tied to the github action of this repository, we needed to re-implement this either by using a rotating token strategy or by using a Trusted Publisher. Because Trusted Publisher was the recommended and easiest approach, we have enabled Trusted Publisher from our npm package settings and changed the
publish.ymlfile to use the Trusted Publisher configuration.