VenusProtocol · fred-venus · Feb 25, 2026 · Oct 22, 2025 · Oct 22, 2025 · Nov 3, 2025
diff --git a/.github/prepare_slim_package.sh b/.github/prepare_slim_package.sh
@@ -0,0 +1,17 @@
+# Create a slim folder with the minium content we want, and remove unneeded files
+mkdir slim && cp -r artifacts* package.json README.md deployments slim && cd slim
+find deployments -mindepth 1 -depth -not -name "*_addresses.json*" -exec rm -r "{}" +
+find artifacts -mindepth 1 -depth -not -regex "artifacts/contracts.*" -exec rm -r "{}" +
+find artifacts-zk -mindepth 1 -depth -not -regex "artifacts-zk/contracts.*" -exec rm -r "{}" +
+find artifacts -mindepth 1 -depth -regex "artifacts/.*dbg\.json" -exec rm -r "{}" +
+
+# Add "-slim" to the version in the npm package, keeping the tag "-dev" if it exists
+jq '.version |= sub("^(?<core>[0-9]+\\.[0-9]+\\.[0-9]+)"; "\(.core)-slim")' package.json > package.tmp.json && mv package.tmp.json package.json 
+
+# Remove the "prepare" and "postinstall" scripts, they won't work for this slim version
+jq 'del(.scripts.prepare)' package.json > package.tmp.json && mv package.tmp.json package.json
+jq 'del(.scripts.postinstall)' package.json > package.tmp.json && mv package.tmp.json package.json
+
+# Empty devDependencies and dependencies
+jq '.dependencies = {}' package.json > package.tmp.json && mv package.tmp.json package.json
+jq '.devDependencies = {}' package.json > package.tmp.json && mv package.tmp.json package.json
diff --git a/.github/publish_slim_package.sh b/.github/publish_slim_package.sh
@@ -0,0 +1,10 @@
+# Ensure npm 11.5.1 or later is installed
+npm install -g npm@latest
+
+cd slim
+
+# Extract to PRE_RELEASE_TAG the tag in the version field of the package json, or the empty string if it doesn't exist
+PRE_RELEASE_TAG=$(jq -r '.version | if test("-") then capture("^[0-9]+\\.[0-9]+\\.[0-9]+-(?<tag>[a-zA-Z-]+)") | .tag else "" end' package.json)
+
+# Publish the package to a custom tag for slim versions
+npm publish --provenance --access public --tag $PRE_RELEASE_TAG
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -6,6 +6,10 @@ on:
       - main
       - develop
 
+permissions:
+  id-token: write # Required for OIDC
+  contents: read
+
 jobs:
   release:
     runs-on: ubuntu-latest
@@ -16,9 +20,11 @@ jobs:
           fetch-depth: 0
           persist-credentials: false
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           cache: "yarn"
+          node-version: "22.14.0"
+          registry-url: "https://registry.npmjs.org"
 
       - name: Install dependencies
         # Hack to get around failing "ethereumjs-abi The remote archive doesn't match the expected checksum" error
@@ -30,9 +36,14 @@ jobs:
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.VENUS_TOOLS_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           GIT_AUTHOR_NAME: Venus Tools
           GIT_AUTHOR_EMAIL: tools@venus.io
           GIT_COMMITTER_NAME: Venus Tools
           GIT_COMMITTER_EMAIL: tools@venus.io
         run: yarn semantic-release
+
+      - name: Prepare slim package
+        run: bash .github/prepare_slim_package.sh
+
+      - name: Publish slim package
+        run: bash .github/publish_slim_package.sh
diff --git a/package.json b/package.json
@@ -2,6 +2,7 @@
   "name": "@venusprotocol/token-bridge",
   "version": "2.7.1-dev.2",
   "description": "Contracts to bridge tokens using LayerZero technology and applying some rules on top of it",
+  "repository": "git@github.com:VenusProtocol/token-bridge.git",
   "files": [
     "artifacts",
     "typechain",
@@ -54,9 +55,8 @@
     "@nomicfoundation/hardhat-chai-matchers": "^1.0.3",
     "@nomicfoundation/hardhat-network-helpers": "^1.0.4",
     "@nomicfoundation/hardhat-verify": "^2.0.14",
-    "@semantic-release/changelog": "^6.0.1",
+    "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/git": "^10.0.1",
-    "@semantic-release/npm": "^9.0.1",
     "@trivago/prettier-plugin-sort-imports": "3.4.0",
     "@typechain/ethers-v5": "^7.2.0",
     "@typechain/hardhat": "^2.3.1",
@@ -85,7 +85,7 @@
     "husky": "^8.0.1",
     "prettier": "2.7.1",
     "prettier-plugin-solidity": "1.1.3",
-    "semantic-release": "^19.0.3",
+    "semantic-release": "^25.0.2",
     "solhint": "^3.3.7",
     "solidity-coverage": "^0.8.4",
     "solidity-docgen": "^0.6.0-beta.29",
@@ -98,7 +98,8 @@
   "resolutions": {
     "scrypt.js": "https://registry.npmjs.org/@compound-finance/ethereumjs-wallet/-/ethereumjs-wallet-0.6.3.tgz",
     "ganache-core": "github:compound-finance/ganache-core.git#jflatow/unbreak-fork",
-    "solidity-parser-antlr": "https://github.com/solidity-parser/parser#0.8.2"
+    "solidity-parser-antlr": "https://github.com/solidity-parser/parser#0.8.2",
+    "ethereumjs-abi": "npm:0.6.8"
   },
   "publishConfig": {
     "access": "public",
@@ -107,5 +108,5 @@
   "_moduleAliases": {
     "@nomiclabs/hardhat-ethers": "node_modules/hardhat-deploy-ethers"
   },
-  "packageManager": "yarn@1.22.1"
+  "packageManager": "yarn@3.2.0"
 }