From ce4c314fa58b21f7bf097a7ff0bedb02f9e8a13d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20LUDWIG?= <contact@theoludwig.fr>
Date: Wed, 14 Jan 2026 23:36:26 +0100
Subject: [PATCH] ci: trusted npm package publishing (OIDC)

Ref: https://docs.npmjs.com/trusted-publishers
---
 .github/workflows/release.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d551e17..b51a149 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,10 @@ on:
   push:
     branches: [main, beta]
 
+permissions:
+  id-token: "write" # OIDC
+  contents: "read"
+
 jobs:
   release:
     runs-on: "ubuntu-latest"
@@ -34,4 +38,3 @@ jobs:
         run: "node --run release"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}