From 0c12ff0e07f11f3a79f211d9869326cf2a7f4ddf Mon Sep 17 00:00:00 2001
From: Kieran <me@mesquka.com>
Date: Thu, 5 Feb 2026 04:59:37 +0000
Subject: [PATCH] Update release steps to provide NPM token via OIDC

---
 .github/workflows/publish-npmjs.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish-npmjs.yml b/.github/workflows/publish-npmjs.yml
index e4867e6..d323ffd 100644
--- a/.github/workflows/publish-npmjs.yml
+++ b/.github/workflows/publish-npmjs.yml
@@ -4,6 +4,11 @@ on:
     # Sequence of patterns matched against refs/heads
     branches:    
       - release
+
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -17,5 +22,3 @@ jobs:
       - run: npm install
       - run: npm ci
       - run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}