update npm version to minimum version required for OIDC publish#887
Merged
update npm version to minimum version required for OIDC publish#887
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the npm publishing GitHub Actions workflow to ensure the npm CLI is new enough to support OIDC/trusted publishing during release publishes.
Changes:
- Add a workflow step to upgrade npm before installing dependencies and publishing.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| registry-url: 'https://registry.npmjs.org' | ||
|
|
||
| - name: Update npm for trusted publishing | ||
| run: npm install -g npm@11.5.1 |
There was a problem hiding this comment.
The workflow pins npm to an exact patch version (11.5.1) but the PR title suggests you only need a minimum version for OIDC trusted publishing. Consider either (a) documenting why this exact version is required (e.g., a linked upstream requirement) or (b) using a semver range (like the required major/minor) so the workflow can pick up patch security fixes automatically.
Suggested change
| run: npm install -g npm@11.5.1 | |
| run: npm install -g npm@^11.5.1 |
|
Size Change: 0 B Total Size: 3.52 MB ℹ️ View Unchanged
|
quietbits
approved these changes
Feb 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.