From 77a0d5eee96d95d55d95ac4fb6740a3b060bb4d4 Mon Sep 17 00:00:00 2001
From: Arun Bose <tellarunbose@gmail.com>
Date: Thu, 29 Jan 2026 11:39:58 +0530
Subject: [PATCH] new npm publish action scripts

---
 .github/workflows/npm-publish.yml | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index cfa2faf..b5a925a 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -1,20 +1,27 @@
-# When anyone pushes to npm branch in this repo, the package will be published to npm. This action requires
-# access to NPM_TOKEN secret. Contact core.ai admins to get access to core.ais org tokens.
-# To publish to your own npm account, follow this https://docs.npmjs.com/creating-and-viewing-access-tokens
+# When anyone pushes to npm branch in this repo, the package will be published to npm.
+# https://docs.npmjs.com/trusted-publishers is active in this repo
 name: Publish package to npm
 
 on:
   push:
     branches: [ npm ]
 
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   build-tasks:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '24'
+          registry-url: 'https://registry.npmjs.org'
       - name: Npm Install
         run: |
-          npm install
+          npm ci
       - name: building package
         run: |
           npm run build
@@ -24,6 +31,4 @@ jobs:
       - name: Publishing package to npm repository
         run: |
           node .github/workflows/js/validatePackage.cjs
-          npm publish --access public
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          npm publish --access public
\ No newline at end of file