[🔥AUDIT🔥] Add missing package.json keys that are needed for OIDC (#92)

jeremywiebe · web-flow · commit 4c8218007616 · 2025-10-29T15:28:56.000-07:00
🖍 _This is an audit!_ 🖍 ## Summary: Trusted Publishing (OIDC) requires a `repository` key in the `package.json` with a `url` defined. This PR adds the required fields and hopefully fixes the last publish issue. Error: ``` 🦋 info npm info @khanacademy/graphql-flow 🦋 info @khanacademy/graphql-flow is being published because our local version (3.4.2) has not been published on npm 🦋 info Publishing "@khanacademy/graphql-flow" at "3.4.2" 🦋 error an error occurred while publishing @khanacademy/graphql-flow: E422 422 Unprocessable Entity - PUT https://registry.npmjs.org/@khanacademy%2fgraphql-flow - Error verifying sigstore provenance bundle: Failed to validate repository information: package.json: "repository.url" is "", expected to match "https://github.com/Khan/graphql-flow" from provenance 🦋 error npm notice SECURITY NOTICE: Breaking changes starting October 13, 2025. New tokens will be limited to a maximum lifetime of 90 days, and TOTP setup will be disabled. Classic tokens will be revoked in November. Update your CI/CD workflows to avoid disruption. Learn more: https://gh.io/npm-token-changes 🦋 error npm notice Publishing to https://registry.npmjs.org with tag latest and public access 🦋 error npm notice publish Signed provenance statement with source and build information from GitHub Actions 🦋 error npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=653196413 🦋 error npm error code E422 🦋 error npm error 422 Unprocessable Entity - PUT https://registry.npmjs.org/@khanacademy%2fgraphql-flow - Error verifying sigstore provenance bundle: Failed to validate repository information: package.json: "repository.url" is "", expected to match "https://github.com/Khan/graphql-flow" from provenance 🦋 error npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-10-29T22_19_58_512Z-debug-0.log 🦋 error 🦋 error packages failed to publish: 🦋 @khanacademy/graphql-flow@3.4.2 ``` Issue: "none" ## Test plan: Hrm Author: jeremywiebe Auditors: jaredly Required Reviewers: Approved By: Checks: ✅ 1 check was successful Pull Request URL: #92
diff --git a/package.json b/package.json
@@ -1,6 +1,13 @@
 {
     "name": "@khanacademy/graphql-flow",
     "version": "3.4.2",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/Khan/graphql-flow.git"
+    },
+    "bugs": {
+        "url": "https://github.com/Khan/graphql-flow/issues"
+    },
     "publishConfig": {
         "access": "public",
         "provenance": true
