From ed93b2127cef355cde3cb55b8ac7ea0ba019c2c4 Mon Sep 17 00:00:00 2001
From: "F. Levi" <55688616+flevi29@users.noreply.github.com>
Date: Mon, 29 Sep 2025 13:38:32 +0300
Subject: [PATCH] Add provenance to published package
---
 .github/workflows/publish.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0fd65cebf..eb940602f 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -9,6 +9,9 @@ env:
 jobs:
 publish-npm:
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
 steps:
 - uses: actions/checkout@v5
 - uses: actions/setup-node@v5
@@ -26,11 +29,11 @@ jobs:
 run: yarn build
 - name: Publish with latest tag
 if: '!github.event.release.prerelease'
- run: npm publish .
+ run: npm publish --provenance --access public
 env:
- NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 - name: Publish with beta tag
 if: 'github.event.release.prerelease'
- run: npm publish . --tag beta
+ run: npm publish --provenance --access public --tag beta
 env:
- NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
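Review bot: The job-level `id-token: write` added under `publish-npm` is available to every step in the job, and the context lines show `actions/checkout@v5` and `actions/setup-node@v5` referenced by mutable tags. In a job that can mint OIDC tokens and publish, pinning each action to a full commit SHA keeps a retagged release from running with that permission, e.g. `- uses: actions/checkout@<full-commit-sha> # v5`. A short comment above the block would also help the next maintainer, such as `# id-token: write lets npm request the OIDC token that signs the provenance statement`. The steps list continues outside this hunk, so any install or build step there inherits the same permissions.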
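Review bot: Both publish steps still pass the long-lived `NPM_TOKEN` secret as `NODE_AUTH_TOKEN`, and `--provenance` only attests where a build came from; it does not restrict who may publish, so a leaked token could still push a release without provenance. Since the job now holds `id-token: write`, npm trusted publishing (OIDC) could replace the secret and let the `env:` / `NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}` lines be dropped, though that needs registry-side setup and a recent npm CLI, neither visible here. Failing that, a granular token scoped to this one package limits the exposure. `--provenance` itself needs npm 9.5 or later, and the Node version selected by `setup-node` is outside the hunk, so that is worth confirming.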