From 6196d2f73fda13b440a4f3f1ceba499035f1a8bc Mon Sep 17 00:00:00 2001 From: Nastassia Fulconis Date: Tue, 17 Feb 2026 23:35:43 +0100 Subject: [PATCH 1/4] fix: add registry-url to setup-node for npm Trusted Publishing Without registry-url, setup-node doesn't create the .npmrc file needed for OIDC auth to work. This caused ENEEDAUTH errors during changeset publish. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c88c2bf..391335d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,6 +25,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: '20' + registry-url: 'https://registry.npmjs.org' - name: Update npm run: npm install -g npm@latest From a6f9ce5b1aec7b1e29b7a0fd929bb80a8d5910f2 Mon Sep 17 00:00:00 2001 From: Nastassia Fulconis Date: Tue, 17 Feb 2026 23:38:48 +0100 Subject: [PATCH 2/4] chore: add changeset for workflow fix Co-Authored-By: Claude Opus 4.6 --- .changeset/fix-npm-publish.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/fix-npm-publish.md diff --git a/.changeset/fix-npm-publish.md b/.changeset/fix-npm-publish.md new file mode 100644 index 0000000..cea05ac --- /dev/null +++ b/.changeset/fix-npm-publish.md @@ -0,0 +1,5 @@ +--- +"scope3": patch +--- + +Fix npm Trusted Publishing by adding registry-url to setup-node in release workflow From 4f31287b27a76978bb8fbeb672369f352e357d06 Mon Sep 17 00:00:00 2001 From: Nastassia Fulconis Date: Tue, 17 Feb 2026 23:44:44 +0100 Subject: [PATCH 3/4] fix: configure npm Trusted Publishing for release workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Upgrade Node.js 20 → 22 (npm Trusted Publishing requires Node 22.14.0+) - Add registry-url for OIDC token exchange - Add publishConfig.provenance for changeset publish compatibility - Remove redundant npm@latest upgrade (Node 22 ships with npm 11+) Co-Authored-By: Claude Opus 4.6 --- .github/workflows/release.yml | 5 +---- package.json | 3 ++- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 391335d..cfb174e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,12 +24,9 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version: '22' registry-url: 'https://registry.npmjs.org' - - name: Update npm - run: npm install -g npm@latest - - name: Install dependencies run: npm ci diff --git a/package.json b/package.json index a9a7adf..3fd7840 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,8 @@ "LICENSE" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "bin": { "scope3": "dist/cli/index.js" From 52b6b25a23259e6ba2a9088550aec6c12836e604 Mon Sep 17 00:00:00 2001 From: Nastassia Fulconis Date: Tue, 17 Feb 2026 23:48:34 +0100 Subject: [PATCH 4/4] fix: restore npm update step in release workflow Node 22 may not ship with npm 11.5.1+ which is the minimum for Trusted Publishing. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cfb174e..57c1bfc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,6 +27,9 @@ jobs: node-version: '22' registry-url: 'https://registry.npmjs.org' + - name: Update npm + run: npm install -g npm@latest + - name: Install dependencies run: npm ci