Commit ce3812e

committed

adding login and disabling scripts on publish

The latter is a security measure to ensure that no third-party scripts run during the publication process. This reduces the risk of a token exposure, during the publish process

1 parent cc1a5a3 commit ce3812eCopy full SHA for ce3812e

File tree

1 file changed

-1

lines changed

.github/workflows
- npm-publish.yml

1 file changed

-1

lines changed

`‎.github/workflows/npm-publish.yml‎`

Lines changed: 7 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,13 @@ jobs:`
`45`	`45`	`- name: npm install`
`46`	`46`	`run: npm install`
`47`	`47`
	`48`	`+ - name: npm login`
	`49`	`+ run: \|`
	`50`	`+ npm config set //registry.npmjs.org/:_authToken ${{secrets.NPM_TOKEN}}`
	`51`	`+ npm publish --ignore-scripts`
	`52`	`+`
	`53`	`+`
`48`	`54`	`- name: publish to npm`
`49`		`- run: npm publish . --tag ${{steps.get_package_json.outputs.prop}}@${{steps.get_package_version.outputs.prop}}`
	`55`	`+ run: npm publish . --tag ${{steps.get_package_json.outputs.prop}}@${{steps.get_package_version.outputs.prop}} --ignore-scripts`
`50`	`56`	`env:`
`51`	`57`	`NPM_TOKEN: ${{secrets.NPM_TOKEN}}`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit ce3812e

File tree

1 file changed

1 file changed

`‎.github/workflows/npm-publish.yml‎`

0 commit comments