From 7e40af05ae5dae7456041aa3be902e4acf51ab22 Mon Sep 17 00:00:00 2001
From: James Kebinger <james.kebinger@prefab.cloud>
Date: Fri, 14 Nov 2025 14:39:26 -0600
Subject: [PATCH] chore: remove NPM_TOKEN secret, use trusted publisher
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The workflow is already configured for NPM trusted publisher with:
- id-token: write permission (required for OIDC)
- --provenance flag on npm publish commands

This removes the now-unnecessary NPM_TOKEN environment variable.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/release.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3a21231..1fa70f7 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -53,8 +53,6 @@ jobs:
       id-token: write
     outputs:
       published-version: ${{ needs.check-version.outputs.current-version }}
-    env:
-      NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
     steps:
       - uses: actions/checkout@v4
       # Setup .npmrc file to publish to npm