Skip to content

NPM Trusted publishing#2366

Merged
yoavain merged 2 commits intomainfrom
npm-trusted-publishing
Feb 27, 2026
Merged

NPM Trusted publishing#2366
yoavain merged 2 commits intomainfrom
npm-trusted-publishing

Conversation

@yoavain
Copy link
Owner

@yoavain yoavain commented Feb 27, 2026
edited by qodo-code-review bot
Loading

User description

  • Remove registry from .npmrc

PR Type

Enhancement

Description

  • Remove hardcoded registry URL from .npmrc configuration

  • Enable NPM trusted publishing workflow support

Diagram Walkthrough

flowchart LR
  A[".npmrc config"] -- "Remove hardcoded registry" --> B["Trusted publishing enabled"]
Loading

File Walkthrough
Relevant files
Configuration changes
.npmrc
Remove registry URL for trusted publishing                             

.npmrc

  • Removed hardcoded //registry.npmjs.org/:_authToken=${NPM_AUTH_TOKEN}
    line
  • Retained save-exact=true and package-lock=true settings
  • Allows NPM trusted publishing to handle authentication
 +0/-1     

@yoavain
NPM Trusted publishing
9823467 
* Remove registry from .npmrc
@yoavain
Copy link
Owner Author

yoavain commented Feb 27, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@qodo-code-review
Copy link

qodo-code-review bot commented Feb 27, 2026
edited
Loading

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

  • Update
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review
Copy link

qodo-code-review bot commented Feb 27, 2026
edited
Loading

PR Code Suggestions ✨

No code suggestions found for the PR.

@codecov
Copy link

codecov bot commented Feb 27, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.04%. Comparing base (6c665d8) to head (176c1ea).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2366   +/-   ##
=======================================
  Coverage   94.04%   94.04%           
=======================================
  Files          19       19           
  Lines         336      336           
  Branches       51       52    +1     
=======================================
  Hits          316      316           
  Misses         20       20

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@yoavain yoavain merged commit 037270d into main Feb 27, 2026
9 checks passed
@yoavain yoavain deleted the npm-trusted-publishing branch February 27, 2026 17:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Review effort 1/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yoavain