From 5a50b60a239e5e16dde493ee85bf98f78b768a30 Mon Sep 17 00:00:00 2001
From: Yilin Jing <yilin.jing.ai@outlook.com>
Date: Wed, 25 Mar 2026 11:46:47 +0800
Subject: [PATCH] fix: configure npm publish for scoped package

- Add publishConfig.access=public to package.json (scoped packages
  default to restricted, causing 404 on first publish)
- Pass NPM_TOKEN as NODE_AUTH_TOKEN to the changesets/action step
  so npm publish authenticates against registry.npmjs.org

Requires NPM_TOKEN secret to be set in repo settings.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
---
 .github/workflows/release.yml | 1 +
 package.json                  | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 129e145..f45ff48 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,6 +44,7 @@ jobs:
           createGithubReleases: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       # GITHUB_TOKEN pushes don't trigger workflows on the Version Packages PR.
       # Close and reopen it so CI checks run without manual intervention.
diff --git a/package.json b/package.json
index 69c41e2..0c33d58 100644
--- a/package.json
+++ b/package.json
@@ -30,6 +30,9 @@
   "engines": {
     "node": ">=20"
   },
+  "publishConfig": {
+    "access": "public"
+  },
   "license": "MIT",
   "repository": {
     "type": "git",