Skip to content

ci: fix npm publish (replace deprecated npm-publish@v1)#4

Merged
OrFrederick merged 1 commit into
mainfrom
ci/modern-npm-publish
Jun 17, 2026
Merged

ci: fix npm publish (replace deprecated npm-publish@v1)#4
OrFrederick merged 1 commit into
mainfrom
ci/modern-npm-publish

Conversation

@OrFrederick

Copy link
Copy Markdown
Contributor

Root cause of the 2.4.0 publish failures

After the .NET 6 fix, Build/Test/pack all pass, but the Publish step fails with E404 PUT @fairfleet%2fgeotab even with a token verified to have @fairfleet/geotab: read-write. A 404-on-PUT with a valid token = the request reached npm unauthenticated.

Cause: JS-DevTools/npm-publish@v1 is deprecated (current v4) and has a known bug — it erroneously writes auth to .npmrc in a way that no longer works with the runner's modern npm / forced Node 24. The token never reaches npm.

Fix

Replace the action with the npm-documented CI publish pattern: write //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN} and run npm publish --access public from dist/, with NODE_AUTH_TOKEN from the NPM_TOKEN secret. Tag/push steps now gate on if: success() (the removed action's outputs.type no longer exists).

Effect

Merging re-triggers publish.yaml; with auth actually applied, 2.4.0 publishes (npm currently 2.3.0) and v2.4.0 is tagged.

Note: other actions (checkout@v2, cache@v3, codecov@v3, pnpm-action@v2) emit Node-20 deprecation warnings but still work — out of scope here.

…publish

v1 erroneously writes auth to .npmrc in a way that breaks on the runner's
modern npm/Node 24, causing unauthenticated PUT -> E404 despite a valid token.
Use the npm-documented NODE_AUTH_TOKEN + .npmrc pattern instead.
@OrFrederick OrFrederick merged commit 3bf3213 into main Jun 17, 2026
1 check passed
@OrFrederick OrFrederick deleted the ci/modern-npm-publish branch June 17, 2026 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant