From 4eb6ed2165803a4a089eab0fc35fcc691aed5e29 Mon Sep 17 00:00:00 2001
From: Kieran <me@mesquka.com>
Date: Thu, 5 Feb 2026 04:39:00 +0000
Subject: [PATCH] Update release steps to provide NPM token via OIDC

---
 .github/workflows/publish-npmjs.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish-npmjs.yml b/.github/workflows/publish-npmjs.yml
index dc57d2eb..f519027e 100644
--- a/.github/workflows/publish-npmjs.yml
+++ b/.github/workflows/publish-npmjs.yml
@@ -4,6 +4,11 @@ on:
     # Sequence of patterns matched against refs/heads
     branches:
       - release
+
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -19,5 +24,3 @@ jobs:
         with:
           cmd: install
       - run: yarn publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}