From 59ee3572f3f5322b3fbd4fe8740fc022ad27190d Mon Sep 17 00:00:00 2001
From: sunnylqm <sunnylqm@gmail.com>
Date: Wed, 10 Dec 2025 22:14:57 +0800
Subject: [PATCH] Update GitHub Actions workflow for npm publishing: add
 permissions for OIDC, upgrade Node.js version to 24.x, and ensure npm is
 updated to version 11.5.1 or later.

---
 .github/workflows/publish.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 4977bca..94aef2c 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -2,6 +2,11 @@ name: Publish Package to npmjs
 on:
   release:
     types: [published]
+
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -14,9 +19,10 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@v4
         with:
-          node-version: '20.x'
+          node-version: '24.x'
           registry-url: 'https://registry.npmjs.org'
       - run: bun install --frozen-lockfile
+      # Ensure npm 11.5.1 or later is installed
+      - name: Update npm
+        run: npm install -g npm@latest
       - run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}