Skip to content

Use npm trusted publishing (OIDC) instead of npm token#15

Merged
robertLichtnow merged 1 commit into
mainfrom
robertLichtnow/npm-trusted-publisher
Mar 7, 2026
Merged

Use npm trusted publishing (OIDC) instead of npm token#15
robertLichtnow merged 1 commit into
mainfrom
robertLichtnow/npm-trusted-publisher

Conversation

@robertLichtnow

Copy link
Copy Markdown
Owner

Remove NODE_AUTH_TOKEN secret and switch to OIDC authentication for npm publishing. This uses the trusted publisher feature already configured on npm, eliminating the need to manage npm tokens as secrets.

Changes:

  • Remove NODE_AUTH_TOKEN env var from publish steps
  • Bump Node.js from 22 to 24 (required for npm >= 11.5.1 with OIDC support)

The id-token: write permission was already in place and will now be used for OIDC authentication.

Remove NODE_AUTH_TOKEN secret and bump Node to 24 so npm uses
OIDC authentication via the id-token permission already in place.
@robertLichtnow robertLichtnow merged commit b3501af into main Mar 7, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant