This test is consistently failing I assume this pre-dates this PR, but I don't see an issue to fix it.

You're right that it pre-dates this PR. This change only adds a top-level permissions: contents: read to the workflow token and touches no test or build logic, so it can't be the cause. The same workflow is already red on master (the #228 and #217 merge runs on 2026-05-26 both failed).

The failing job is "Build Test Node 22", and the step that exits non-zero is yarn check-prettier:

$ yarn prettier && git diff --exit-code
$ prettier --write --config .prettierrc 'lib/**/*.js' 'build/**/*.js' 'test/**/*.js'
error Command failed with exit code 1.

So prettier --write is reformatting committed files and the following git diff --exit-code fails. It's a formatting drift in the tree (likely a prettier version bump), not a test failure: the actual tap suite passes on that job. The other Node versions stay green because only the Node 22 "Build Test" job runs the lint/prettier step.

Happy to open a separate small PR that runs prettier across lib/build/test to get the job green again, or file a tracking issue if you'd prefer to handle the formatting bump yourselves. Either way it's independent of this permissions change.

Looked into this, it's not a prettier change - it's from #217, which added a post-process step to the built emscripten output but didn't check in the file with the build change. No idea why CI ran clean on that PR but failed on all subsequent merges. #230 fixes this, we should probably merge that first and then this should run green.