Skip to content

#63 update packages#64

Merged
ienaga merged 1 commit into
mainfrom
develop
Feb 7, 2026
Merged

#63 update packages#64
ienaga merged 1 commit into
mainfrom
develop

Conversation

@ienaga

@ienaga ienaga commented Feb 7, 2026

Copy link
Copy Markdown
Member

No description provided.

Copilot AI review requested due to automatic review settings February 7, 2026 23:43

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the project’s npm tooling dependencies and adjusts the GitHub Actions publish workflow, likely to support a newer publishing/auth approach while bumping the package version.

Changes:

  • Bump package version to 3.1.13.
  • Update devDependencies (@types/node, @typescript-eslint/*, globals) and refresh package-lock.json accordingly.
  • Modify .github/workflows/publish.yml to use top-level OIDC permissions and simplify the publish step.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File Description
package.json Version bump and devDependency updates.
package-lock.json Lockfile refresh to match updated dependency versions.
.github/workflows/publish.yml Workflow permissions/job adjustments and changes to npm publish invocation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines 21 to +24
- run: npm install -g npm@latest
- run: npm install
- run: npm run release
- run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} No newline at end of file
- run: npm publish No newline at end of file

Copilot AI Feb 7, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

npm publish now runs without any authentication step (no NODE_AUTH_TOKEN, npm login, or equivalent). Unless the repo/package is configured for npm Trusted Publishing via GitHub OIDC, this workflow will fail at publish time. Consider restoring token-based auth or adding the required Trusted Publishing/provenance configuration explicitly.

Copilot uses AI. Check for mistakes.
- run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} No newline at end of file
- run: npm publish No newline at end of file

Copilot AI Feb 7, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The package name is scoped (@next2d/...) and package.json does not set publishConfig.access. Dropping --access public makes the access level implicit; for scoped packages this can default to restricted on first publish and can lead to inconsistent behavior across environments. Consider adding publishConfig: { "access": "public" } or keeping npm publish --access public in the workflow.

Copilot uses AI. Check for mistakes.
@ienaga ienaga merged commit 661182d into main Feb 7, 2026
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants