From abbc1c3977aaa9768eec7a54bb4f34577b0ba20a Mon Sep 17 00:00:00 2001
From: abose <arun@core.ai>
Date: Fri, 9 Jan 2026 18:01:41 +0530
Subject: [PATCH] chore: migrate to new npm publish infra

---
 .github/workflows/npm-publish.yml | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index ac48f92..9666a1d 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -1,20 +1,27 @@
-# When anyone pushes to npm branch in this repo, the package will be published to npm. This action requires
-# access to NPM_TOKEN secret. Contact core.ai admins to get access to core.ais org tokens.
-# To publish to your own npm account, follow this https://docs.npmjs.com/creating-and-viewing-access-tokens
+# When anyone pushes to npm branch in this repo, the package will be published to npm.
+# https://docs.npmjs.com/trusted-publishers is active in this repo
 name: Publish package to npm
 
 on:
   push:
     branches: [ npm ]
 
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   build-tasks:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '24'
+          registry-url: 'https://registry.npmjs.org'
       - name: Npm Install
         run: |
-          npm install
+          npm ci
       - name: building package
         run: |
           npm run build
@@ -25,5 +32,3 @@ jobs:
         run: |
           node .github/workflows/js/validatePackage.cjs
           npm publish --access public
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}