Trusted Publisher documentation

[jasonkarns]

Description:
Document an example of how publishing to npm is handled if using npm's Trusted Publisher setup. In particular, explicitly answer the question whether NODE_AUTH_TOKEN needs to be set at all if using Trusted Publisher. (Presumably no?)

Justification:
Npm is pushing folks towards Trusted Publisher setup and away from token auth. This action should acknowledge that reality and document an example of what is necessary (or not necessary!) when using Trusted Publisher. Presently, there isn't so much as a mention of Trusted Publisher setup or configuration impact.

Are you willing to submit a PR?

[priyagupta108]

Hello @jasonkarns,
Thank you for this feature request. We will investigate it and get back to you as soon as we have some feedback.

[jasonkarns]

Some additional bits that I would recommend in the docs:

The npm documentation uses node 20 as an example, but that node does not ship with a compatible version of the npm CLI. (cli v11.5.1+ is required for the feature to work)

So whatever examples are used, should either show explicitly upgrading npm (if using the stock version of node which is presently v20); or better yet, give examples showing node v24 which includes a compatible version of npm OOTB and doesn't require additional setup.