| @@ -31,8 +31,6 @@ jobs: | |||
|
|
|||
| - name: Publish to npm | |||
| run: npm publish --provenance --access public | |||
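Review bot: The `Publish to npm` step now ends at `run: npm publish --provenance --access public`, and the hunk header (8 lines down to 6) shows two lines dropped from this region with nothing added in their place, so no credential source is visible for the publish. Either keep the step's `env:` mapping that supplies the registry token, or, if a tokenless publish is intended, state that in the PR description and point to where the job obtains its publish identity; the visible lines do not show one.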
🚨 npm publish will fail without NODE_AUTH_TOKEN authentication (high confidence)
Removing NODE_AUTH_TOKEN env var breaks npm authentication. The actions/setup-node with registry-url creates an .npmrc expecting NODE_AUTH_TOKEN for auth. The --provenance flag adds provenance attestation but does NOT replace authentication - it's supplementary. This will cause npm publish to fail with 401 Unauthorized.
Suggested fix: Restore the NODE_AUTH_TOKEN environment variable for the npm publish step
| run: npm publish --provenance --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
warden: notseer
idk the robot said to try it
Cursor Bugbot has reviewed your changes and found 1 potential issue.
|
|
||
| - name: Publish to npm | ||
| run: npm publish --provenance --access public | ||
| env: |
Missing npm authentication token breaks package publishing
High Severity
The NODE_AUTH_TOKEN environment variable was removed from the npm publish step. When actions/setup-node is configured with registry-url, it creates an .npmrc that expects authentication via NODE_AUTH_TOKEN. Without this environment variable, npm publish will fail with an authentication error because npm cannot authenticate with the registry.
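
The failure both review comments describe can be caught before `npm publish` runs. The preflight check below is an added example, not code from this PR or from actions/setup-node; the function name `npmrc_missing_auth` is hypothetical, and the sample `.npmrc` line and the placeholder value are assumptions about what setup-node writes and exports when `registry-url` is set.

```shell
#!/bin/sh
# Added example: fail a publish job early when the .npmrc expects a token
# from the environment and the step did not provide one.

# Assumption: value setup-node exports for NODE_AUTH_TOKEN when none was given.
PLACEHOLDER='XXXXX-XXXXX-XXXXX-XXXXX'

# npmrc_missing_auth FILE (hypothetical helper)
# Prints every env var named in an `_authToken=${VAR}` line of FILE that is
# unset, empty, or still the placeholder. Returns 1 if any were found.
npmrc_missing_auth() {
    npmrc=$1
    missing=''
    # Skip comment lines (# or ;) and capture VAR from :_authToken=${VAR}
    vars=$(sed -n 's/^[^#;]*:_authToken=\${\([A-Za-z_][A-Za-z0-9_]*\)}.*$/\1/p' \
        "$npmrc" | sort -u)
    for var in $vars; do
        # Safe to eval: the sed pattern only lets identifier characters through
        eval "val=\${$var:-}"
        if [ -z "$val" ] || [ "$val" = "$PLACEHOLDER" ]; then
            missing="$missing $var"
        fi
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' $missing
    return 1
}

# Constructed sample .npmrc, modelled on a registry-url setup.
demo=$(mktemp)
printf '%s\n' '//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}' \
    'registry=https://registry.npmjs.org/' > "$demo"

# Simulate the publish step after its env: block was removed.
if bad=$(NODE_AUTH_TOKEN='' npmrc_missing_auth "$demo"); then
    echo "registry auth present"
else
    echo "publish would run unauthenticated; not provided: $bad"
fi
rm -f "$demo"
```

In a workflow this would run as a step just before the publish step, against the `.npmrc` the job actually uses.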


No description provided.