From cef687358d5a86148093cf9062d8d4c6ba5c304d Mon Sep 17 00:00:00 2001
From: Daniel Hensby <daniel.hensby@bidbax.no>
Date: Wed, 4 Feb 2026 11:06:05 +0100
Subject: [PATCH] ci: enbable NPM trusted publishing using GH actions

---
 .github/workflows/nodejs.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index eb5addb5..b223fc5e 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -170,7 +170,7 @@ jobs:
       contents: write # to be able to publish a GitHub release
       issues: write # to be able to comment on released issues
       pull-requests: write # to be able to comment on released pull requests
-      id-token: write # to enable use of OIDC for npm provenance
+      id-token: write # to enable use of OIDC for npm publishing & provenance
     steps:
       - name: Checkout
         uses: actions/checkout@v6
@@ -189,5 +189,4 @@ jobs:
         env:
           NPM_CONFIG_PROVENANCE: true
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: npx semantic-release