Skip to content

feat: migrate npm publishing using OIDC #1400

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
subhankarmaiti merged 2 commits into from
Dec 8, 2025
Merged

feat: migrate npm publishing using OIDC #1400

subhankarmaiti merged 2 commits into from
Dec 8, 2025

Conversation

@subhankarmaiti
Copy link
Contributor

@subhankarmaiti subhankarmaiti commented Dec 5, 2025

Migrates the npm publishing workflow from token-based authentication to OIDC (OpenID Connect)

Changes

  • Added id-token: write permission to enable OIDC authentication with npm
  • Added explicit permissions block to the reusable workflow

Why

  • Security: OIDC eliminates the need for long-lived npm tokens stored as secrets
  • Best Practice: Aligns with npm's recommended approach for GitHub Actions publishing

@subhankarmaiti subhankarmaiti requested a review from a team as a code owner December 5, 2025 11:39
@subhankarmaiti subhankarmaiti merged commit 6e6a2e5 into master Dec 8, 2025
4 checks passed
@subhankarmaiti subhankarmaiti deleted the feat/npm-oidc-publishing branch December 8, 2025 05:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gyaneshgouraw-okta gyaneshgouraw-okta gyaneshgouraw-okta approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@subhankarmaiti @gyaneshgouraw-okta