Update npmjs release process to use Trusted Publishing #23702

@mkuznyetsov

Is your task related to a problem? Please describe

npmjs recently revoked all previous tokens; context is in this blog post:
https://github.blog/changelog/2025-12-09-npm-classic-tokens-revoked-session-based-auth-and-cli-token-management-now-available/

We had to regenerate new variants of tokens that have more limited scopes and lifetimes, which means we will have to do it repeatedly every time the tokens expire and break the release pipeline, which will now happen more often.

Describe the solution you'd like

We could use the workflows proposed in the same blog post to configure the release pipelines for Trusted Publishing, which seems like a better approach.

https://docs.npmjs.com/trusted-publishers

Describe alternatives you've considered

Keep using the current system and reset tokens.
OR
Consider stopping publishing all/some artifacts to npmjs, if there's no need for it anymore.

Additional context

No response

Labels

kind/release: Issue dedicated to a release (content, status, related PR, go/nogo/problem discussion, etc.)
kind/task: Internal things, technical debt, and to-do tasks to be performed.
severity/P2: Has a minor but important impact to the usage or development of the system.

Projects

Status

📋 Backlog
