From 00a5e83e8b2c63f66a04f0189bda85c253562f31 Mon Sep 17 00:00:00 2001
From: Kenneth <kenneth@nym.sh>
Date: Sat, 28 Feb 2026 01:57:57 +0000
Subject: [PATCH] Use trusted publishing (OIDC) instead of npm token

Co-authored-by: Ona <no-reply@ona.com>
---
 .github/workflows/publish.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 7c360d1..381a2ad 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -7,6 +7,9 @@ on:
 jobs:
   publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v4
 
@@ -18,6 +21,6 @@ jobs:
 
       - run: bun test
 
-      - run: bun publish --access public
+      - run: bun publish --access public --provenance
         env:
-          NPM_CONFIG_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_REGISTRY: https://registry.npmjs.org