Open
Labels
enhancement (New feature or request)
Description
Problem
For now the releaser only supports trusted publishers for PyPI.
To publish to npm, NPM_TOKEN must be provided as a secret to the environment or repo.
Proposed Solution
Make sure it's possible to use the npm trusted publishers by default: https://docs.npmjs.com/trusted-publishers#step-1-add-a-trusted-publisher-on-npmjscom
The releaser likely needs to be updated to retrieve the OIDC token, like in #511 for PyPI.
Docs should also be updated to recommend using the trusted publishers, while still allowing for NPM_TOKEN.
Additional context
This was also announced here: https://github.blog/changelog/2025-07-31-npm-trusted-publishing-with-oidc-is-generally-available/
nakul-py
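An added sketch (not the releaser's own code, and not taken from #511) of the token-retrieval step the issue refers to: requesting the GitHub Actions OIDC ID token and failing clearly when the job lacks `id-token: write`. The function names and the audience value `npm:registry.npmjs.org` are assumptions to check against the npm trusted-publishers documentation.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Assumption: audience the npm registry expects; confirm against the npm docs.
NPM_AUDIENCE = "npm:registry.npmjs.org"


def build_id_token_request(env, audience=NPM_AUDIENCE):
    """Return (url, headers) for the GitHub Actions OIDC token endpoint."""
    url = env.get("ACTIONS_ID_TOKEN_REQUEST_URL")
    bearer = env.get("ACTIONS_ID_TOKEN_REQUEST_TOKEN")
    if not url or not bearer:
        # The runner only sets these when the job has `permissions: id-token: write`.
        raise RuntimeError(
            "OIDC unavailable: grant 'id-token: write' or fall back to NPM_TOKEN"
        )
    sep = "&" if "?" in url else "?"
    url = f"{url}{sep}audience={urllib.parse.quote(audience, safe='')}"
    return url, {"Authorization": f"Bearer {bearer}"}


def fetch_id_token(env=os.environ, opener=urllib.request.urlopen):
    """Fetch the short-lived ID token; `opener` is injectable for offline tests."""
    url, headers = build_id_token_request(env)
    req = urllib.request.Request(url, headers=headers)
    with opener(req, timeout=10) as resp:
        return json.load(resp)["value"]


def unverified_claims(jwt):
    """Decode the JWT payload for diagnostics only; no signature check is done here."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))
```

The returned token is short-lived and scoped to the workflow run, so it should be passed straight to the publish step and never written to logs or artifacts.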