From 4cd5a0d8ad7de8f1c629b4352b2d8cd8501eef8c Mon Sep 17 00:00:00 2001
From: Adam <adam@phntms.com>
Date: Wed, 25 Jun 2025 17:12:15 +0100
Subject: [PATCH] Potential fix for code scanning alert no. 2: Workflow does
 not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/npmpublish.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/npmpublish.yml b/.github/workflows/npmpublish.yml
index 769d491..42fd38a 100644
--- a/.github/workflows/npmpublish.yml
+++ b/.github/workflows/npmpublish.yml
@@ -6,6 +6,9 @@ on:
 
 jobs:
   publish-npm:
+    permissions:
+      contents: read
+      packages: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2