Skip to content

Use Trusted Publishing for NPM #2278

New issue
New issue
Closed
Closed
Use Trusted Publishing for NPM#2278
Labels
🏦 debtTech debt
@mpkorstanje

Description

@mpkorstanje
mpkorstanje
opened on Sep 17, 2025

🤔 What's the problem you've observed?

The action-publish-npm action was created to

  1. Ensure that only trusted code handles the credentials for NPM Packages
  2. Provide a reusable standardized method to publish NPM Packages in the Cucumber org.

✨ Do you have a proposal for making it better?

With trusted publishing we no longer have to use credentials. The action can authenticate itself with NPM through GitHub.

📚 Any additional context?

For a reference implementation see: https://github.com/cucumber/query/blob/main/.github/workflows/release-npm.yml

Projects to be upgraded:

mpkorstanje@nyx:~/Projects/cucumber/code-search$ grep -rl action-publish-npm
cucumber/gherkin/.github/workflows/release-npm.yml
cucumber/message-streams/.github/workflows/release-npm.yml
cucumber/gherkin-streams/.github/workflows/release.yml
cucumber/cucumber-json-schema/.github/workflows/release-npm.yaml
cucumber/html-formatter/.github/workflows/release-javascript.yml
cucumber/compatibility-kit/.github/workflows/release-npm.yml
cucumber/ci-environment/.github/workflows/release-javascript.yml
cucumber/cucumber-js/.github/workflows/release-npm-latest.yaml
cucumber/cucumber-js/.github/workflows/release-npm-next.yaml
cucumber/junit-xml-formatter/.github/workflows/release-npm.yml
cucumber/react-components/.github/workflows/release-npm.yaml
cucumber/language-server/.github/workflows/release-npm.yml
cucumber/pretty-formatter/.github/workflows/release-npm.yaml
cucumber/screenplay.js/.github/workflows/release-npm.yaml
cucumber/cucumber-node/.github/workflows/release-npm.yaml
cucumber/language-service/.github/workflows/release-npm.yml
cucumber/cucumber-json-converter/.github/workflows/release-npm.yaml
cucumber/monaco/.github/workflows/release-npm.yml
cucumber/messages/.github/workflows/release-npm.yml
cucumber/gherkin-utils/.github/workflows/release-npm.yml
cucumber/tag-expressions/.github/workflows/release-npm.yml
cucumber/javascript-core/.github/workflows/release-npm.yaml

We can consider archiving some of these, if they're inactive.

Metadata

Metadata

Assignees

No one assigned

    Labels

    🏦 debtTech debt

    Type

    No type

    Projects

    New issues

    Status

    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions