fix(release): upgrade npm to 11 before publish #213

Merged: vlad-activeloop merged 3 commits into main from fix/npm11-publish on May 27, 2026

@vlad-activeloop vlad-activeloop commented May 27, 2026

Summary

  • Node 22 ships with npm 10.x, which lacks OIDC tokenless publishing support
  • npm 11+ is required for the --provenance flag to exchange GitHub OIDC tokens with the npm registry
  • Upgrades npm in-place before the publish step; the rest of the job (build, test) keeps the Node 22 tree-sitter ABI

Test plan

  • Merge triggers release workflow
  • Publish job upgrades npm to 11 before npm publish --provenance
  • v0.7.56 appears on npmjs.com with Sigstore provenance badge

Summary by CodeRabbit

  • Chores
    • Updated the release workflow to improve package publishing process with enhanced security and Node-22 compatibility.
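
The requirement described in the PR summary above, sketched as a preflight guard that could run immediately before the publish command. This is an added example, not code from the pull request or the repository's workflow. The function names and return codes are hypothetical, the minimum major version is the one the summary states, and `ACTIONS_ID_TOKEN_REQUEST_URL` / `ACTIONS_ID_TOKEN_REQUEST_TOKEN` are the variables GitHub Actions sets when a job has `id-token: write`.

```shell
#!/bin/sh
# Preflight guard for the publish job (added example; function names are hypothetical).
# MIN_NPM_MAJOR=11 is the requirement stated in the PR summary, taken as given.
MIN_NPM_MAJOR=11

# Print the major component of a version string such as "10.9.2" or "v11.4.0".
npm_major() {
  v=${1#v}
  major=${v%%.*}
  case "$major" in
    ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric input
  esac
  printf '%s\n' "$major"
}

# publish_preflight VERSION REQUEST_URL REQUEST_TOKEN
# Returns 0 only if npm is new enough and the runner exposes an OIDC token endpoint.
# Return codes: 2 = unparsable version, 3 = npm too old, 4 = OIDC variables missing.
publish_preflight() {
  major=$(npm_major "$1") || { echo "cannot parse npm version: $1" >&2; return 2; }
  if [ "$major" -lt "$MIN_NPM_MAJOR" ]; then
    echo "npm $1 is older than $MIN_NPM_MAJOR; upgrade before publishing" >&2
    return 3
  fi
  if [ -z "$2" ] || [ -z "$3" ]; then
    echo "OIDC request variables are empty; the job needs id-token: write" >&2
    return 4
  fi
  return 0
}

# In the workflow this would run right before `npm publish --provenance --access public`:
#   publish_preflight "$(npm --version)" \
#     "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" || exit 1
```

Failing the job here, before `npm publish` runs, keeps a too-old npm or a missing `id-token: write` permission from surfacing only as a publish or provenance error at the registry.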

coderabbitai Bot commented May 27, 2026

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 278efd12-743d-429f-aa10-c1841cc28b73

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The release workflow's npm publish step is updated to install npm@11 before publishing. The upgrade step precedes the existing npm publish --provenance --access public command in a multi-line run block, adding Node-22 compatibility.

Changes

npm Release Publishing

Layer / File(s) | Summary
npm upgrade before Sigstore publishing (.github/workflows/release.yaml) | The publish step installs npm@11 globally, then executes npm publish --provenance --access public in a single run block to ensure Node-22 compatibility.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • activeloopai/hivemind#207: Both PRs modify the same .github/workflows/release.yaml publish/release workflow steps (Node/npm setup for publishing).
  • activeloopai/hivemind#212: Both PRs modify the same GitHub Actions .github/workflows/release.yaml to change npm-related release commands.

Suggested reviewers

  • efenocchi

Poem

🐰 A tiny tweak, so clean and bright,
npm lifts to reach new height,
Node-22 now feels at home,
Sigstore signs each npm tome!
Hop hop, publish away! 📦✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Title check | ✅ Passed | The title 'fix(release): upgrade npm to 11 before publish' clearly and concisely summarizes the primary change: upgrading npm before the publish step in the release workflow.
Description check | ✅ Passed | The description includes a clear Summary section explaining the motivation (Node 22 compatibility issue), technical details about npm version requirements, and a Test plan section with checkboxes aligned with the template structure.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.


@coderabbitai coderabbitai Bot requested a review from efenocchi May 27, 2026 17:26

github-actions Bot commented May 27, 2026

Coverage Report

No src/*.ts files changed in this PR.

Generated for commit c50e9cd.

@vlad-activeloop vlad-activeloop merged commit 213484d into main May 27, 2026
6 checks passed
@vlad-activeloop vlad-activeloop deleted the fix/npm11-publish branch May 27, 2026 17:31