From 53c17f0c07e36b7cdf7920ae9ffbe1d0cbcb1c14 Mon Sep 17 00:00:00 2001
From: "Paul K." <paul@paulkr.com>
Date: Wed, 4 Feb 2026 10:12:01 -0500
Subject: [PATCH] chore: update GitHub Actions workflow to include permissions
 for id-token

---
 .github/workflows/publish.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 97b5f51..1ba567c 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,12 +1,13 @@
 name: Publish Package to NPM
-
 on:
   release:
     types: [created]
-
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
@@ -23,6 +24,4 @@ jobs:
       - name: Build
         run: npm run build
       - name: Publish
-        run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
\ No newline at end of file
+        run: npm publish --access public
\ No newline at end of file