Gitea_Action/setup-node
1
0
Fork 0
mirror of https://github.com/actions/setup-node.git synced 2026-05-15 12:50:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix typos in documentation for publishing to npm with Trusted Publisher (OIDC)

Browse Source
This commit is contained in:
chiranjib-swain 2026-04-22 16:56:54 +05:30
parent 6633a8a672
commit 7ff57b903d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/advanced-usage.md
View File

@ -477,7 +477,7 @@ Please refer to the [Ensuring workflow access to your package - Configuring a pa
## Publishing to npm with Trusted Publisher (OIDC) ## Publishing to npm with Trusted Publisher (OIDC)
Npm supports Trusted Publishers, enabling packages to be published from GitHub Actions using OpenID Connect (OIDC) instead of long-lived npm tokens. This improves security by replacing static credentials with short-lived tokens, reducing the risk of credential leakage and simplifying authentication in CI/CD workflows. npm supports Trusted Publishers, enabling packages to be published from GitHub Actions using OpenID Connect (OIDC) instead of long-lived npm tokens. This improves security by replacing static credentials with short-lived tokens, reducing the risk of credential leakage and simplifying authentication in CI/CD workflows.
### Requirements ### Requirements
@ -516,7 +516,7 @@ You must also configure a **Trusted Publisher** in npm for your package/scope th
* `contents: read` is required for repository access * `contents: read` is required for repository access
* If a Trusted Publisher is configured with a GitHub Actions **environment**, it must also be set on the job (e.g. `environment: release`). * If a Trusted Publisher is configured with a GitHub Actions **environment**, it must also be set on the job (e.g. `environment: release`).
OIDC authentication is handled automatically via GitHubs identity token. OIDC authentication is handled automatically via GitHub's identity token.
> **Note**: If the Trusted Publisher configuration (GitHub owner/repo/workflow file, and optional environment) does not match the workflow run identity exactly, publishing may fail with **E404 Not Found** even if the package exists on npm. > **Note**: If the Trusted Publisher configuration (GitHub owner/repo/workflow file, and optional environment) does not match the workflow run identity exactly, publishing may fail with **E404 Not Found** even if the package exists on npm.