From ebf30369328b61c7ea9d152d4d5afa7d26e59c06 Mon Sep 17 00:00:00 2001
From: Shaan Majid <70789625+shaanmajid@users.noreply.github.com>
Date: Wed, 1 Apr 2026 13:50:33 +0000
Subject: [PATCH] fix(ci): use OIDC for npm publish instead of token auth
 (#10619)

* fix(ci): use OIDC for npm publish instead of token auth

* Change permissions from write to read for contents

---------

Co-authored-by: Jay <jasonsaayman@gmail.com>
---
 .github/workflows/publish.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 7e2623d0..76b9f9ee 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -6,7 +6,7 @@ on:
       - 'v1.*.*'
 
 permissions:
-  contents: write
+  contents: read
   id-token: write
 
 jobs:
@@ -27,5 +27,3 @@ jobs:
         run: npm run build
       - name: Publish to NPM
         run: npm publish --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}