From 93cb3149d228516dfca679606c5060ee44f46437 Mon Sep 17 00:00:00 2001
From: Shivam Mathur <shivam_jpr@hotmail.com>
Date: Sun, 15 Mar 2026 22:01:57 +0530
Subject: [PATCH] Fix permission for OIDC tokens in publish.yml for trusted
 publishing [skip ci]

---
 .github/workflows/publish.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 8be0a15c..f861d8d8 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -16,6 +16,7 @@ jobs:
     permissions:
       contents: read
       packages: write
+      id-token: write
     steps:
       - name: Checkout release
         if: github.event_name != 'workflow_dispatch'
@@ -30,7 +31,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v6
         with:
-          node-version: '20.x'
+          node-version: '24.x'
           registry-url: https://registry.npmjs.org
 
       - name: Install dependencies and add lib
@@ -42,8 +43,6 @@ jobs:
       - name: Publish to NPM
         if: "!contains(github.event.inputs.skip, 'skip-npm')"
         run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Change to GitHub Packages registry
         uses: actions/setup-node@v6