v2 release fix

[KKonstantinov]

Motivation and Context

How Has This Been Tested?

Breaking Changes

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

[changeset-bot]

⚠️ No Changeset found

Latest commit: b7ae9db

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@1835

@modelcontextprotocol/server

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@1835

@modelcontextprotocol/express

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/express@1835

@modelcontextprotocol/fastify

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/fastify@1835

@modelcontextprotocol/hono

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/hono@1835

@modelcontextprotocol/node

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/node@1835

commit: b7ae9db

[claude]

LGTM — clean refactor extracting the publish command into a named script with no functional change.

Extended reasoning...

Overview

This PR modifies two files: .github/workflows/release.yml and package.json. It extracts the inline pnpm run build:all && pnpm changeset publish command from the workflow into a named script release:publish in package.json, then references that script from the workflow.

Security Risks

No new security risks are introduced. The extracted script is functionally identical to the previous inline command. The only security note is the pre-existing inconsistency in action pinning (mutable @v6 tags for actions/checkout and actions/setup-node vs. SHA-pinned third-party actions), which is flagged as a pre-existing issue in the inline comments and was not introduced by this PR.

Level of Scrutiny

Low. This is a pure refactor — moving a command from an inline workflow step into a named npm script. The behavior is identical. No logic changes, no new dependencies, no new permissions.

Other Factors

No changeset is needed since this is a CI/workflow-only change. The PR description template was not filled out, but the change is self-explanatory from the diff.

[claude]

🟣 Pre-existing issue: actions/checkout@v6 and actions/setup-node@v6 are not pinned to commit hashes, unlike pnpm/action-setup and changesets/action in the same file. Since this PR already touches release.yml, consider adding hash pins to these two actions for consistency and to reduce supply-chain risk.

Extended reasoning...

Supply-Chain Risk: Inconsistent Action Pinning in release.yml

What the bug is: The release workflow uses a mix of pinning strategies. pnpm/action-setup is referenced as @fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 and changesets/action as @6a0a831ff30acef54f2c6aa1cbbc1096b066edaf # v1 — both locked to immutable commit SHAs. However, actions/checkout and actions/setup-node use only @v6, a mutable major-version tag that can be silently updated.

The specific code path: Lines 16 and 22 of .github/workflows/release.yml reference actions/checkout@v6 and actions/setup-node@v6 respectively. These tags point to whatever commit the action maintainer pushes to that tag at any given time.

Why existing code does not prevent it: GitHub Actions resolves mutable tags at workflow execution time. There is no mechanism in the workflow itself that validates the integrity of the action code being executed. A compromised or malicious tag update would silently execute attacker-controlled code in the runner.

Impact: This workflow runs on pushes to main, has contents: write and pull-requests: write permissions, and has access to NPM_TOKEN and GITHUB_TOKEN. An attacker who hijacks the actions/checkout@v6 or actions/setup-node@v6 tag could exfiltrate NPM_TOKEN and publish malicious packages to npm under the @modelcontextprotocol namespace. While actions/checkout and actions/setup-node are GitHub-maintained (lower third-party risk), the supply-chain threat model for any mutable reference remains real.

Step-by-step proof of the inconsistency:

1. pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 — immutable SHA, attacker cannot change what code runs
2. changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf — immutable SHA, same protection
3. actions/checkout@v6 — mutable tag; if the tag is force-pushed to a malicious commit, the workflow runs that code next time
4. actions/setup-node@v6 — same issue
5. The workflow then proceeds to call pnpm run release:publish, which builds all packages and runs pnpm changeset publish with NPM_TOKEN in the environment — secrets are exposed to any code running in the job

How to fix: Look up the current commit SHA for actions/checkout@v6 and actions/setup-node@v6 (e.g., via gh api repos/actions/checkout/git/ref/tags/v6) and pin them:

- uses: actions/checkout@<SHA> # v6
- uses: actions/setup-node@<SHA> # v6

This is a pre-existing issue not introduced by this PR, but since the PR already modifies this file it is a natural opportunity to add consistency.