From 6bda6f7dc50955aa09dc5005b2b3772af75ab390 Mon Sep 17 00:00:00 2001
From: Jeff Hampton <jhampton@gmail.com>
Date: Fri, 16 Jan 2026 16:57:08 -0500
Subject: [PATCH] Disable NPM tokens in release workflow

Comment out NODE_AUTH_TOKEN and NPM_TOKEN for security during migration to NPM OIDC-based publishing authentication

Signed-off-by: Jeff Hampton <jhampton@gmail.com>
---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a92c230..4df867f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -47,8 +47,8 @@ jobs:
       - name: 🚀 Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          # NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           HUSKY: 0
         run: |
           # Configure git for commits by semantic-release