From 2630a415ac7d9b41d0e1c14aae48fea8e1548052 Mon Sep 17 00:00:00 2001 From: Dmitry Panov Date: Wed, 15 Oct 2025 14:36:49 +0100 Subject: [PATCH 1/5] Use npm trusted publishing instead of token --- .github/actions/publish-types/action.yml | 11 +++-------- .github/workflows/main.yml | 9 ++++++--- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/actions/publish-types/action.yml b/.github/actions/publish-types/action.yml index 10c98a7..34d5fdc 100644 --- a/.github/actions/publish-types/action.yml +++ b/.github/actions/publish-types/action.yml @@ -3,9 +3,6 @@ inputs: VERSION: description: Packages version required: true - NODE_AUTH_TOKEN: - description: Node auth token - required: true runs: using: composite steps: @@ -29,7 +26,7 @@ runs: jq --arg version "${{ inputs.VERSION }}" '.dependencies."@dop251/types-goja_nodejs-global" = $version' $pkg/types/package.json > $pkg/types/tmp.json && mv $pkg/types/tmp.json $pkg/types/package.json done - name: Setup nodejs - uses: actions/setup-node@v2 + uses: actions/setup-node@v6 with: node-version: '22' registry-url: 'https://registry.npmjs.org' @@ -37,12 +34,10 @@ runs: shell: bash run: | cd global-types - npm publish --access=public + npm publish --dry-run --access=public cd - for pkg in ${{ steps.vars.outputs.PKGS }}; do cd $pkg/types - npm publish --access=public + npm publish --dry-run --access=public cd - done - env: - NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 701f305..4d2d218 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,5 +1,10 @@ on: [push, pull_request] name: Test + +permissions: + id-token: write # Required for OIDC + contents: read + jobs: test: strategy: 
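Review bot: `uses: actions/setup-node@v6` in the `Setup nodejs` step pins a movable tag, and this composite action now runs in jobs that may request an OIDC token for publishing to npm. Pinning to the full commit SHA keeps a retagged or compromised release of the action out of the publish path, e.g. `uses: actions/setup-node@<full-commit-sha>  # v6` (placeholder; take the SHA from the release you reviewed). The same applies to `actions/checkout@v4` in main.yml. The `steps:` list begins and ends outside this hunk.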
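Review bot: The new top-level `permissions:` block in main.yml grants `id-token: write` to every job of a workflow triggered by `on: [push, pull_request]`, including `test`, which publishes nothing. On pushes to any branch and on same-repository pull requests, any step in those jobs (a test dependency, a build script) can then request an OIDC token for this workflow file. npm's trusted-publisher configuration is keyed to the repository and workflow file, optionally an environment, and not to an individual job. Keep only `contents: read` at the top level and put `permissions: { id-token: write, contents: read }` on the jobs that call `./.github/actions/publish-types`. Those jobs are defined outside this hunk.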
@@ -60,13 +65,12 @@ jobs: if: env.version != '' with: VERSION: ${{ env.version }} - NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} publish-types-untagged: name: 'Publish type definitions to npm (untagged master)' needs: [ test, test-types ] runs-on: ubuntu-latest - if: "!startsWith(github.ref, 'refs/tags/v') && github.ref_name == 'master'" + if: "!startsWith(github.ref, 'refs/tags/v') && github.ref_name == 'npm-trusted-publishing'" steps: - uses: actions/checkout@v4 - name: Extract version @@ -76,4 +80,3 @@ jobs: - uses: './.github/actions/publish-types' with: VERSION: ${{ env.version }} - NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} From 76005f1f09980c813ef670ec5c1ca6b0327b03f8 Mon Sep 17 00:00:00 2001 From: Dmitry Panov Date: Wed, 15 Oct 2025 14:49:19 +0100 Subject: [PATCH 2/5] Use npm trusted publishing instead of token --- .github/actions/publish-types/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/publish-types/action.yml b/.github/actions/publish-types/action.yml index 34d5fdc..719a393 100644 --- a/.github/actions/publish-types/action.yml +++ b/.github/actions/publish-types/action.yml @@ -38,6 +38,7 @@ runs: cd - for pkg in ${{ steps.vars.outputs.PKGS }}; do cd $pkg/types + npm whoami npm publish --dry-run --access=public cd - done From f804fa1d90ba5a03e069ab7ec6d7767345e2801f Mon Sep 17 00:00:00 2001 From: Dmitry Panov Date: Wed, 15 Oct 2025 15:06:16 +0100 Subject: [PATCH 3/5] Use npm trusted publishing instead of token --- .github/actions/publish-types/action.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/actions/publish-types/action.yml b/.github/actions/publish-types/action.yml index 719a393..b265476 100644 --- a/.github/actions/publish-types/action.yml +++ b/.github/actions/publish-types/action.yml 
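Review bot: Dropping `NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}` from the `with:` block here (and again in the `@@ -76,4 +80,3 @@` hunk) only stops the workflow from reading the secret; the token itself stays valid until it is revoked on npm and deleted from the repository secrets. I would record that next to the action call, for example `# Publishes via npm trusted publishing (OIDC); revoke and delete the old NODE_AUTH_TOKEN secret`. The job this step belongs to starts outside the hunk.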
@@ -33,12 +33,13 @@ runs: - name: Publish the packages shell: bash run: | + npm version + npm install -g npm@11.5.1 cd global-types - npm publish --dry-run --access=public + npm publish --verbose --dry-run --access=public cd - for pkg in ${{ steps.vars.outputs.PKGS }}; do cd $pkg/types - npm whoami npm publish --dry-run --access=public cd - done From 913ced67c84fe972f2ec856a334e8621444c878f Mon Sep 17 00:00:00 2001 From: Dmitry Panov Date: Wed, 15 Oct 2025 15:15:49 +0100 Subject: [PATCH 4/5] Use npm trusted publishing instead of token --- .github/actions/publish-types/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/publish-types/action.yml b/.github/actions/publish-types/action.yml index b265476..3cc594f 100644 --- a/.github/actions/publish-types/action.yml +++ b/.github/actions/publish-types/action.yml @@ -36,10 +36,10 @@ runs: npm version npm install -g npm@11.5.1 cd global-types - npm publish --verbose --dry-run --access=public + npm publish --verbose --dry-run --tag latest --access=public cd - for pkg in ${{ steps.vars.outputs.PKGS }}; do cd $pkg/types - npm publish --dry-run --access=public + npm publish --dry-run --tag latest --access=public cd - done From de3cef52e0fb3315e818290935aee3e4190088ff Mon Sep 17 00:00:00 2001 From: Dmitry Panov Date: Wed, 15 Oct 2025 16:08:07 +0100 Subject: [PATCH 5/5] Use npm trusted publishing instead of token --- .github/actions/publish-types/action.yml | 5 ++--- .github/workflows/main.yml | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/actions/publish-types/action.yml b/.github/actions/publish-types/action.yml index 3cc594f..bbda757 100644 --- a/.github/actions/publish-types/action.yml +++ b/.github/actions/publish-types/action.yml 
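Review bot: `npm install -g npm@11.5.1` in the `Publish the packages` step carries no comment explaining why the bundled npm is replaced, so a later cleanup could remove it and break publishing. Trusted publishing needs npm 11.5.1 or newer, and the npm bundled with the Node 22 selected in `Setup nodejs` is presumably older. A shell comment above the line, such as `# trusted publishing (OIDC) requires npm >= 11.5.1`, would capture that. The exact version pin is worth keeping, since this install runs in the step that holds publish rights.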
@@ -33,13 +33,12 @@ runs: - name: Publish the packages shell: bash run: | - npm version npm install -g npm@11.5.1 cd global-types - npm publish --verbose --dry-run --tag latest --access=public + npm publish ---tag latest --access=public cd - for pkg in ${{ steps.vars.outputs.PKGS }}; do cd $pkg/types - npm publish --dry-run --tag latest --access=public + npm publish --tag latest --access=public cd - done diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4d2d218..ec38028 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -70,7 +70,7 @@ jobs: name: 'Publish type definitions to npm (untagged master)' needs: [ test, test-types ] runs-on: ubuntu-latest - if: "!startsWith(github.ref, 'refs/tags/v') && github.ref_name == 'npm-trusted-publishing'" + if: "!startsWith(github.ref, 'refs/tags/v') && github.ref_name == 'master'" steps: - uses: actions/checkout@v4 - name: Extract version
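Review bot: `npm publish ---tag latest --access=public` for `global-types` has three leading dashes on `tag`, while the loop a few lines below uses `--tag latest`. A release step should not depend on npm's argument parser tolerating the extra dash; if it does not, `latest` could be read as a positional argument rather than the dist-tag. Change the line to `npm publish --tag latest --access=public`.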
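Review bot: The restored guard `github.ref_name == 'master'` compares the short ref name, which is identical for a branch and a tag called `master`, and the first clause only excludes tags beginning with `v`. With no secret gating the publish any more, this `if:` is the main control inside the workflow over what gets published, so matching the full ref is tighter: `if: "github.ref == 'refs/heads/master'"`. Binding the publish jobs to a GitHub environment that is also named in the npm trusted-publisher settings would add a second check on the registry side. The job's remaining steps are outside this hunk.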