From 2989a564cb28d9e7756cea9a856100cac0b8fff2 Mon Sep 17 00:00:00 2001
From: Mathieu Post
Date: Mon, 9 Mar 2026 22:24:21 +0100
Subject: [PATCH] ci: enable npm trusted publishing with OIDC

Remove NPM_TOKEN secret dependency and switch to npm's native OIDC-based trusted publishing. GitHub Actions will authenticate via OIDC token, improving security and eliminating the need for manual token rotation.
---
 .github/workflows/release-please.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index eb8f33c..e015b9b 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -41,6 +41,4 @@ jobs:
 - name: Publish to npm
 if: ${{ steps.release.outputs.release_created }}
- env:
- NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 run: npm publish --provenance --access public