fix(ci): pin npm version to avoid self-upgrade corruption (#785)

aidandaly24 · web-flow · commit 9c10f2cba46d · 2026-04-07T18:01:23.000-04:00
npm install -g npm@latest fails on GitHub Actions runners when npm
tries to replace its own modules mid-installation, corrupting the
promise-retry dependency. Pin to npm@11.5.1 which is the minimum
version needed for OIDC trusted publishing.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -317,7 +317,7 @@ jobs:
       - name: Ensure npm 11.5.1+ for trusted publishing
         run: |
           echo "Current npm version: $(npm --version)"
-          npm install -g npm@latest
+          npm install -g npm@11.5.1
           echo "Updated npm version: $(npm --version)"
 
       - name: Download artifacts
