fix: release

[petar-omni]

• Use NPM Trusted publishing

[changeset-bot]

⚠️ No Changeset found

Latest commit: 715666a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[Copilot]

Pull request overview

This PR migrates the NPM publishing authentication from token-based authentication to NPM Trusted Publishing (provenance-based publishing). The changes add the id-token: write permission required for OIDC-based authentication and remove the NPM_TOKEN secret dependency.

• Adds id-token: write permission to enable OIDC token generation
• Removes NPM_TOKEN from environment variables to rely on trusted publishing

Comments suppressed due to low confidence (1)

.github/workflows/release.yml:38

• The publish command must include the --provenance flag to enable NPM Trusted Publishing. While the id-token: write permission has been added, npm will not use trusted publishing without this flag. Update the release script in package.json to changeset publish --provenance or change this line to publish: pnpm run release --provenance.

          publish: pnpm run release

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.