From c13ccc665bb371480406800d8f440fa46f5a2ee4 Mon Sep 17 00:00:00 2001
From: Callum Dunster <cdunster@users.noreply.github.com>
Date: Mon, 8 Jun 2026 16:24:52 +0200
Subject: [PATCH] feat: use NPM's trusted publishers which generates a token
 with OIDC

Remove the setting of the token so OIDC is used to generate a trusted
token instead.
---
 .github/workflows/nodejs-publish-release.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.github/workflows/nodejs-publish-release.yml b/.github/workflows/nodejs-publish-release.yml
index 1d5a66a..5f1d7ea 100644
--- a/.github/workflows/nodejs-publish-release.yml
+++ b/.github/workflows/nodejs-publish-release.yml
@@ -18,10 +18,6 @@ on:
         description: "npm script name to run for building the project"
         default: "build"
         required: false
-    secrets:
-      NPM_TOKEN:
-        description: "npm authentication token for publishing"
-        required: true
 
 jobs:
   check:
@@ -150,7 +146,6 @@ jobs:
       - name: Publish to npm
         env:
           RELEASE_VERSION: ${{ steps.version.outputs.value }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           PACKAGE_NAME=$(node -p "require('./package.json').name")
           if npm view "$PACKAGE_NAME@$RELEASE_VERSION" > /dev/null 2>&1; then