name change

Author: indianaPoly

.changeset/curly-cycles-wave.md

@@ -0,0 +1,5 @@
+---
+"@hyunrim03/clickvoidx": patch
+---
+
+Rename the published package from `@hyunrim03/core` to `@hyunrim03/clickvoidx` so the install name matches the project identity.

.github/workflows/release.yml

@@ -42,22 +42,6 @@ jobs:
       - name: Install dependencies
         run: bun install --frozen-lockfile
 
-      - name: Debug release target and auth mode
-        run: |
-          echo "package_name=$(node -p "require('./packages/core/package.json').name")"
-          echo "package_version=$(node -p "require('./packages/core/package.json').version")"
-          echo "repository_url=$(node -p "require('./packages/core/package.json').repository.url")"
-          echo "registry=$(npm config get registry)"
-          if [ -n "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ] && [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ]; then
-            echo "oidc=available"
-          else
-            echo "oidc=unavailable"
-          fi
-          echo "npm_token=not-passed-to-oidc-debug-step"
-          echo "oidc_claims_start"
-          bun ./scripts/print-oidc-claims.mjs
-          echo "oidc_claims_end"
-
       - name: Run lint
         run: bun run lint
 
@@ -87,3 +71,6 @@ jobs:
           publish: bun run release:publish
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_TOKEN: ${{ secrets.NPM_TOKEN }}
+          FORCE_NPM_TOKEN_PUBLISH: "1"

README.ko.md

@@ -34,7 +34,7 @@ bun run release:dry-run
 ## 패키지 사용 예시
 
 ```ts
-import { createDeadClickDetector } from "@hyunrim03/core";
+import { createDeadClickDetector } from "@hyunrim03/clickvoidx";
 
 const detector = createDeadClickDetector({
   onDeadClick(report) {

README.md

@@ -34,7 +34,7 @@ bun run release:dry-run
 ## Package usage
 
 ```ts
-import { createDeadClickDetector } from "@hyunrim03/core";
+import { createDeadClickDetector } from "@hyunrim03/clickvoidx";
 
 const detector = createDeadClickDetector({
   onDeadClick(report) {

bun.lock

@@ -55,6 +55,25 @@ Set `FORCE_NPM_TOKEN_PUBLISH=1` only if you intentionally want to override that
 
 This avoids the 2FA-token problem entirely.
 
+## OIDC troubleshooting note
+
+If npm trusted publishing is configured but publish still fails with a 404/permission-style error, verify the package-level Trusted Publisher values against the actual GitHub OIDC claims emitted by the workflow.
+
+Important findings from this repository:
+- npm matches the GitHub owner string very strictly
+- `indianapoly` and `indianaPoly` are **not** interchangeable in practice
+- the working value must match the OIDC claim exactly, including letter case
+
+For this repository the successful package-level Trusted Publisher settings are:
+- **Organization or user:** `indianaPoly`
+- **Repository:** `clickvoidx`
+- **Workflow filename:** `release.yml`
+- **Environment name:** leave empty
+
+When debugging OIDC issues, prefer a single authentication path:
+- remove `NPM_TOKEN` from the release job to test pure OIDC
+- only re-enable token-based publishing when you intentionally want a fallback path
+
 ## Recommended repository settings
 
 The workflow file cannot fully prevent direct pushes to `main`. Configure these GitHub repository settings:

docs/release-process.en.md

@@ -56,6 +56,25 @@
 
 이 방식은 2FA 토큰 문제를 피할 수 있습니다.
 
+## OIDC 트러블슈팅 메모
+
+npm trusted publishing을 설정했는데도 404/permission 계열 에러가 난다면, npm package settings의 Trusted Publisher 값과 GitHub workflow가 실제로 발급한 OIDC claim 값을 직접 비교해야 합니다.
+
+이 저장소에서 확인된 중요한 포인트:
+- npm은 GitHub owner 문자열을 매우 엄격하게 비교합니다
+- `indianapoly` 와 `indianaPoly` 는 실제로 동일하게 취급되지 않을 수 있습니다
+- 즉, 대소문자까지 포함해 OIDC claim 값과 **완전히 동일한 문자열**을 넣어야 합니다
+
+이 저장소에서 최종적으로 성공한 package-level Trusted Publisher 값:
+- **Organization or user:** `indianaPoly`
+- **Repository:** `clickvoidx`
+- **Workflow filename:** `release.yml`
+- **Environment name:** 비워두기
+
+OIDC를 디버깅할 때는 인증 경로를 하나로 유지하는 것이 좋습니다.
+- 순수 OIDC 검증 시 release job에서 `NPM_TOKEN` 제거
+- 토큰은 fallback이 필요할 때만 다시 활성화
+
 ## 권장 GitHub 저장소 설정
 
 워크플로 파일만으로는 `main` 직접 push를 완전히 막을 수 없습니다. 다음 저장소 설정을 함께 권장합니다.

docs/release-process.ko.md

@@ -1,4 +1,4 @@
-# @hyunrim03/core
+# @hyunrim03/clickvoidx
 
 ## 0.1.2
 

packages/core/CHANGELOG.md

@@ -1,4 +1,4 @@
-# @hyunrim03/core
+# @hyunrim03/clickvoidx
 
 A Bun-friendly TypeScript package for detecting dead clicks in browser applications.
 
@@ -12,7 +12,7 @@ A Bun-friendly TypeScript package for detecting dead clicks in browser applicati
 ## Quick example
 
 ```ts
-import { createDeadClickDetector } from "@hyunrim03/core";
+import { createDeadClickDetector } from "@hyunrim03/clickvoidx";
 
 const detector = createDeadClickDetector({
   onDeadClick(report) {

packages/core/README.md

@@ -1,5 +1,5 @@
 {
-  "name": "@hyunrim03/core",
+  "name": "@hyunrim03/clickvoidx",
   "version": "0.1.2",
   "description": "Dead-click detection core package for browser applications.",
   "repository": {