From f66eeb1afaa188992459c3c4b2cd42ca3bad4e41 Mon Sep 17 00:00:00 2001
From: Jan Wendling <jan.wendling@dfinity.org>
Date: Tue, 28 Oct 2025 09:57:45 +0100
Subject: [PATCH 1/5] chore: adds npm provenance feature

---
 actions/npm-publish/README.md   | 13 +++++++------
 actions/npm-publish/action.yaml |  6 ++++++
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/actions/npm-publish/README.md b/actions/npm-publish/README.md
index f2b440b..0c550eb 100644
--- a/actions/npm-publish/README.md
+++ b/actions/npm-publish/README.md
@@ -1,14 +1,15 @@
 # NPM publish
 
-This action publishes a package to the npm registry. It assumes that `npm` and `pnpm` is already setup, see the [setup PNPM action](../setup-pnpm/README.md) for a ready to use action to do this.
+This action publishes a package to the npm registry. It assumes that `npm` and `pnpm` is already setup, see the [setup PNPM action](../setup-pnpm/README.md) for a ready to use action to do this. Starting from npm version 11.5.1, OIDC is supported 
 
 ## Action inputs
 
-| Input             | Description                                                           | Default    |
-| ----------------- | --------------------------------------------------------------------- | ---------- |
-| `token`           | The npm token to authenticate with the npm registry.                  | _required_ |
-| `is_beta`         | Publish the package as a beta version. Expects a stringified boolean. | `'false'`  |
-| `package_manager` | The package manager to use for publishing.                            | `'npm'`    |
+| Input               | Description                                                           | Default    |
+| ------------------- | --------------------------------------------------------------------- | ---------- |
+| `token`             | The npm token to authenticate with the npm registry.                  | `''`       |
+| `is_beta`           | Publish the package as a beta version. Expects a stringified boolean. | `'false'`  |
+| `package_manager`   | The package manager to use for publishing.                            | `'npm'`    |
+| `enable_provenance` | Enable package provenance.                                            | `'true'`   |
 
 ## Action outputs
 
diff --git a/actions/npm-publish/action.yaml b/actions/npm-publish/action.yaml
index f6a1731..e011039 100644
--- a/actions/npm-publish/action.yaml
+++ b/actions/npm-publish/action.yaml
@@ -13,6 +13,11 @@ inputs:
     description: 'The package manager to use for publishing.'
     required: false
     default: 'npm'
+  enable_provenance:
+    description: 'Enable package provenance.'
+    required: false
+    default: 'true'
+
 
 outputs:
   artifact_filepath:
@@ -27,6 +32,7 @@ runs:
       env:
         NODE_AUTH_TOKEN: ${{ inputs.token }}
         IS_BETA: ${{ inputs.is_beta }}
+        NPM_CONFIG_PROVENANCE: ${{ inputs.enable_provenance }}
       shell: bash
       run: |
         artifact_filepath=$(pwd)/$(${{ inputs.package_manager }} pack --json | jq -r '.[0].filename')

From 04f83b00dd0d68c81906cf0cd2f7988a8c456679 Mon Sep 17 00:00:00 2001
From: Jan Wendling <jan.wendling@dfinity.org>
Date: Tue, 28 Oct 2025 10:00:02 +0100
Subject: [PATCH 2/5] chore: removes blank line

---
 actions/npm-publish/action.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/actions/npm-publish/action.yaml b/actions/npm-publish/action.yaml
index e011039..81286d2 100644
--- a/actions/npm-publish/action.yaml
+++ b/actions/npm-publish/action.yaml
@@ -18,7 +18,6 @@ inputs:
     required: false
     default: 'true'
 
-
 outputs:
   artifact_filepath:
     description: 'The path to the published package artifact.'

From 5a728e10acd88b98f176b5b19fa8d76b49d4b719 Mon Sep 17 00:00:00 2001
From: Jan Wendling <jan.wendling@dfinity.org>
Date: Tue, 28 Oct 2025 11:05:47 +0100
Subject: [PATCH 3/5] chore: update comments

---
 actions/npm-publish/README.md   | 14 +++++++-------
 actions/npm-publish/action.yaml |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/actions/npm-publish/README.md b/actions/npm-publish/README.md
index 0c550eb..b5960f6 100644
--- a/actions/npm-publish/README.md
+++ b/actions/npm-publish/README.md
@@ -1,15 +1,15 @@
 # NPM publish
 
-This action publishes a package to the npm registry. It assumes that `npm` and `pnpm` is already setup, see the [setup PNPM action](../setup-pnpm/README.md) for a ready to use action to do this. Starting from npm version 11.5.1, OIDC is supported 
+This action publishes a package to the npm registry. It assumes that `npm` and `pnpm` is already setup, see the [setup PNPM action](../setup-pnpm/README.md) for a ready to use action to do this. Starting from npm version 11.5.1, OIDC is supported.
 
 ## Action inputs
 
-| Input               | Description                                                           | Default    |
-| ------------------- | --------------------------------------------------------------------- | ---------- |
-| `token`             | The npm token to authenticate with the npm registry.                  | `''`       |
-| `is_beta`           | Publish the package as a beta version. Expects a stringified boolean. | `'false'`  |
-| `package_manager`   | The package manager to use for publishing.                            | `'npm'`    |
-| `enable_provenance` | Enable package provenance.                                            | `'true'`   |
+| Input               | Description.                                                                  | Default    |
+| ------------------- | ----------------------------------------------------------------------------- | ---------- |
+| `token`             | The npm token to authenticate with the npm registry.                          | `''`       |
+| `is_beta`           | Publish the package as a beta version. Expects a stringified boolean.         | `'false'`  |
+| `package_manager`   | The package manager to use for publishing.                                    | `'npm'`    |
+| `enable_provenance` | Enable the generation and publication of NPM's package provenance statements. | `'true'`   |
 
 ## Action outputs
 
diff --git a/actions/npm-publish/action.yaml b/actions/npm-publish/action.yaml
index 81286d2..da81dda 100644
--- a/actions/npm-publish/action.yaml
+++ b/actions/npm-publish/action.yaml
@@ -14,7 +14,7 @@ inputs:
     required: false
     default: 'npm'
   enable_provenance:
-    description: 'Enable package provenance.'
+    description: 'Enable the generation and publication of NPM`s package provenance statements.'
     required: false
     default: 'true'
 

From 31d85f9285030ee191be7c11a5a32961a8bff990 Mon Sep 17 00:00:00 2001
From: Jan Wendling <jan.wendling@dfinity.org>
Date: Tue, 28 Oct 2025 11:07:45 +0100
Subject: [PATCH 4/5] chore: update comments

---
 actions/npm-publish/action.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/actions/npm-publish/action.yaml b/actions/npm-publish/action.yaml
index da81dda..2c696d6 100644
--- a/actions/npm-publish/action.yaml
+++ b/actions/npm-publish/action.yaml
@@ -14,7 +14,7 @@ inputs:
     required: false
     default: 'npm'
   enable_provenance:
-    description: 'Enable the generation and publication of NPM`s package provenance statements.'
+    description: 'Enable the generation and publication of NPM''s package provenance statements.'
     required: false
     default: 'true'
 

From c9d326e03852a0e4aa625cce63e4f20c54cb1c93 Mon Sep 17 00:00:00 2001
From: Jan Wendling <jan.wendling@dfinity.org>
Date: Tue, 28 Oct 2025 11:11:45 +0100
Subject: [PATCH 5/5] chore: update prettier changes

---
 actions/npm-publish/README.md   | 12 ++++++------
 actions/npm-publish/action.yaml |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/actions/npm-publish/README.md b/actions/npm-publish/README.md
index b5960f6..b25f9f9 100644
--- a/actions/npm-publish/README.md
+++ b/actions/npm-publish/README.md
@@ -4,12 +4,12 @@ This action publishes a package to the npm registry. It assumes that `npm` and `
 
 ## Action inputs
 
-| Input               | Description.                                                                  | Default    |
-| ------------------- | ----------------------------------------------------------------------------- | ---------- |
-| `token`             | The npm token to authenticate with the npm registry.                          | `''`       |
-| `is_beta`           | Publish the package as a beta version. Expects a stringified boolean.         | `'false'`  |
-| `package_manager`   | The package manager to use for publishing.                                    | `'npm'`    |
-| `enable_provenance` | Enable the generation and publication of NPM's package provenance statements. | `'true'`   |
+| Input               | Description.                                                                  | Default   |
+| ------------------- | ----------------------------------------------------------------------------- | --------- |
+| `token`             | The npm token to authenticate with the npm registry.                          | `''`      |
+| `is_beta`           | Publish the package as a beta version. Expects a stringified boolean.         | `'false'` |
+| `package_manager`   | The package manager to use for publishing.                                    | `'npm'`   |
+| `enable_provenance` | Enable the generation and publication of NPM's package provenance statements. | `'true'`  |
 
 ## Action outputs
 
diff --git a/actions/npm-publish/action.yaml b/actions/npm-publish/action.yaml
index 2c696d6..43cf8dc 100644
--- a/actions/npm-publish/action.yaml
+++ b/actions/npm-publish/action.yaml
@@ -14,7 +14,7 @@ inputs:
     required: false
     default: 'npm'
   enable_provenance:
-    description: 'Enable the generation and publication of NPM''s package provenance statements.'
+    description: "Enable the generation and publication of NPM's package provenance statements."
     required: false
     default: 'true'