From cb6ca38f7f5ffd8f4376a963cbc6c4232b826eff Mon Sep 17 00:00:00 2001
From: Valentin Popov <valentin@popov.link>
Date: Thu, 5 Feb 2026 23:47:19 +0000
Subject: Update GitHub Actions workflow to publish with provenance

- Removed the registry URL from the setup-node action for cleaner configuration.
- Modified the publish command to include the --provenance flag, enhancing the security and traceability of published packages.
---
 .github/workflows/publish.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to '.github/workflows')

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index a6d3fa4..aa0217d 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -67,7 +67,6 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 22
-          registry-url: https://registry.npmjs.org/
           cache: "npm"
           cache-dependency-path: package-lock.json
       - name: Check tag matches package version
@@ -85,4 +84,4 @@ jobs:
       - name: Verify plugin
         run: npm run verify
       - name: Publish
-        run: npm publish
+        run: npm publish --provenance
-- 
cgit v1.2.3