From 4f4b26c595b933ae0228fe2e615d3caa1dd52e7b Mon Sep 17 00:00:00 2001
From: bhav-ye <bhavyasri.yellapragada@staffbase.com>
Date: Tue, 6 Jan 2026 09:37:15 +0100
Subject: [PATCH 1/2] edits to enable trusted publishing

---
 .github/workflows/publish-npm.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
index 1ff416c..3e738b9 100644
--- a/.github/workflows/publish-npm.yml
+++ b/.github/workflows/publish-npm.yml
@@ -6,22 +6,20 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          registry-url: 'https://registry.npmjs.org'
-  
+          node-version: "24"
+          registry-url: "https://registry.npmjs.org"
+
       - name: Install dependencies
         run: npm install
 
       - name: Create build
         run: npm run build
 
-      - name: Publish package on NPM 📦        
+      - name: Publish package on NPM 📦
         run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
\ No newline at end of file

From 2783c2ee7534b2c0abb5d7fa1ba24aaa68218d1c Mon Sep 17 00:00:00 2001
From: Bhavya Yellapragda <bhavyasri.yellapragada@staffbase.com>
Date: Tue, 6 Jan 2026 12:15:29 +0100
Subject: [PATCH 2/2] Update publish-npm.yml with permissions

Added permissions for OIDC and content access.
---
 .github/workflows/publish-npm.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
index 3e738b9..f9f5a2b 100644
--- a/.github/workflows/publish-npm.yml
+++ b/.github/workflows/publish-npm.yml
@@ -2,6 +2,9 @@ name: Publish to NPM Registry
 on:
   release:
     types: [created]
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
 jobs:
   build:
     runs-on: ubuntu-latest