From 5c19f57f9d42b65a1bf5734d10692b8908596f22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20LUDWIG?= <contact@theoludwig.fr>
Date: Thu, 5 Feb 2026 17:13:05 +0100
Subject: [PATCH] ci: trusted npm package publishing (OIDC)

Ref: https://docs.npmjs.com/trusted-publishers
---
 .github/workflows/release.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6d77e90..7ad5e1a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,10 @@ on:
   push:
     branches: [main]
 
+permissions:
+  id-token: "write" # OIDC
+  contents: "read"
+
 jobs:
   release:
     runs-on: "ubuntu-latest"
@@ -34,4 +38,3 @@ jobs:
         run: "node --run release"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}