-
-
Notifications
You must be signed in to change notification settings - Fork 4
Remove NODE_AUTH_TOKEN #64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -30,9 +30,7 @@ | |
| - run: pnpm build:action | ||
|
|
||
| - name: Publish to npm | ||
| run: npm publish --provenance --access public | ||
|
Check failure on line 33 in .github/workflows/release.yml
|
||
| env: | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Missing npm authentication token breaks package publishingHigh Severity The |
||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
|
|
||
| - name: Get version info | ||
| id: version | ||
|
|
||


There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚨 npm publish will fail without NODE_AUTH_TOKEN authentication (high confidence)
Removing NODE_AUTH_TOKEN env var breaks npm authentication. The
actions/setup-nodewithregistry-urlcreates an .npmrc expecting NODE_AUTH_TOKEN for auth. The--provenanceflag adds provenance attestation but does NOT replace authentication - it's supplementary. This will causenpm publishto fail with 401 Unauthorized.Suggested fix: Restore the NODE_AUTH_TOKEN environment variable for the npm publish step
warden: notseer
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
idk the robot said to try it