Skip to content

publish: use npm instead of pnpm (fix trusted publishing)#2

Merged
pdrbrnd merged 1 commit into
mainfrom
switch-publish-to-npm
May 25, 2026
Merged

publish: use npm instead of pnpm (fix trusted publishing)#2
pdrbrnd merged 1 commit into
mainfrom
switch-publish-to-npm

Conversation

@pdrbrnd

@pdrbrnd pdrbrnd commented May 25, 2026

Copy link
Copy Markdown
Member

Summary

Switch the publish step from `pnpm publish` to `npm publish`. pnpm doesn't perform the OIDC token exchange that npm trusted publishing requires — the 0.2.0 release failed with `ENEEDAUTH` because pnpm fell straight through to legacy token auth, ignoring the `id-token: write` permission.

Changes

  • Keep `pnpm install --frozen-lockfile` (uses the lockfile, no change to install behavior).
  • Add `npm install -g npm@latest` before publish — node 22's bundled npm is 10.x, but trusted publishing landed in npm 11.5.1+.
  • Replace `pnpm publish --no-git-checks --access=public --provenance` with `npm publish --access=public --provenance`. (No `--no-git-checks` because npm doesn't have that flag; it doesn't run the same git checks pnpm does.)

Test plan

  • Merge this
  • Cut the next release tag (any `biome-config-v*` or `tsconfig-v*` patch bump) and confirm the workflow publishes successfully

🤖 Generated with Claude Code

@pdrbrnd @claude
publish: use npm for publishing instead of pnpm
33a31d3 
pnpm publish does not perform the OIDC token exchange that npm trusted
publishing requires. The 0.2.0 release failed with ENEEDAUTH because
pnpm fell straight through to legacy token auth, ignoring the
id-token: write permission.

Keep pnpm for install (lockfile compat). Use npm only for the publish
step. Update npm to latest first since node 22's bundled npm is older
than the trusted-publishing release (11.5.1+).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@pdrbrnd pdrbrnd merged commit 82cd8a1 into main May 25, 2026
4 checks passed
@pdrbrnd pdrbrnd deleted the switch-publish-to-npm branch May 25, 2026 21:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pdrbrnd