From 6e60cc979155d80c8d6952e8cbe376fa6da4f8fe Mon Sep 17 00:00:00 2001
From: bntvllnt <32437578+bntvllnt@users.noreply.github.com>
Date: Sun, 26 Apr 2026 21:55:53 +0200
Subject: [PATCH] fix(ci): stop stripping auth token before publish
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The sed + unset lines were removing NODE_AUTH_TOKEN before publishing, leaving the runner with no credentials — causing ENEEDAUTH. NODE_AUTH_TOKEN handles registry auth; --provenance handles attestation. They are independent. Drop the credential-stripping lines from both canary and release jobs.
---
 .github/workflows/publish.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 218c7d8..0d675fb 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -79,9 +79,6 @@ jobs:
 - name: Publish canary
 run: |
- sed -i '/_authToken/d' "$NPM_CONFIG_USERCONFIG"
- unset NODE_AUTH_TOKEN
-
 BASE_VERSION=$(node -p "require('./package.json').version")
 SHORT_SHA=$(echo "$GITHUB_SHA" | cut -c1-7)
 CANARY_VERSION="${BASE_VERSION}-canary.${SHORT_SHA}"
@@ -171,8 +168,6 @@ jobs:
 - name: Publish to npm
 run: |
- sed -i '/_authToken/d' "$NPM_CONFIG_USERCONFIG"
- unset NODE_AUTH_TOKEN
 npm publish --tag latest --provenance --access public --ignore-scripts
 - name: Create GitHub Release