From da88bbbab76cb6257768524adacbf8bf07541601 Mon Sep 17 00:00:00 2001 From: Andrew Haines Date: Tue, 14 Oct 2025 16:51:42 +0100 Subject: [PATCH] Remove `registry-url` input when setting up GitHub Actions as a trusted publisher This input causes a dummy `NODE_AUTH_TOKEN` to be exported to the environment in later steps. If this variable is present then OIDC token exchange fails. --- .../securing-your-code/trusted-publishers.mdx | 1 - 1 file changed, 1 deletion(-) diff --git a/content/packages-and-modules/securing-your-code/trusted-publishers.mdx b/content/packages-and-modules/securing-your-code/trusted-publishers.mdx index 57847d844e6..ead14829bac 100644 --- a/content/packages-and-modules/securing-your-code/trusted-publishers.mdx +++ b/content/packages-and-modules/securing-your-code/trusted-publishers.mdx @@ -92,7 +92,6 @@ jobs: - uses: actions/setup-node@v4 with: node-version: '20' - registry-url: 'https://registry.npmjs.org' # Ensure npm 11.5.1 or later is installed - name: Update npm