From 5b4e599a23523afad790ada7cd4e8a4e7ae008e4 Mon Sep 17 00:00:00 2001
From: Steven Chim <655241+chimurai@users.noreply.github.com>
Date: Sun, 9 Nov 2025 13:46:54 +0000
Subject: [PATCH] ci: publish with oidc

---
 .github/workflows/publish.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 04d5c9b4..e8d3b069 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      id-token: write
+      id-token: write # Required for OIDC
     steps:
       - uses: actions/checkout@v5
       - uses: actions/setup-node@v4
@@ -17,17 +17,17 @@ jobs:
           node-version: '22.x'
           registry-url: 'https://registry.npmjs.org'
 
+      # Ensure npm 11.5.1 or later is installed
+      - name: Update npm
+        run: npm install -g npm@latest
+
       - name: Install Dependencies
         run: yarn install --frozen-lockfile --ignore-scripts
 
       - name: Publish to NPM (beta)
         if: 'github.event.release.prerelease'
-        run: npm publish --provenance --access public --tag beta
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish --access public --tag beta
 
       - name: Publish to NPM (stable)
         if: '!github.event.release.prerelease'
-        run: npm publish --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish --access public