by dgellow 78 days ago
The npm process to set up OIDC is way too frustrating. There is just so much friction. You need the package to first exist in the registry, meaning you have to first create an API token and push something. And only then can you enable OIDC for that specific package. After adding the repo + workflow names, you have to save. Then finally toggle the “only allow OIDC publishing”.

Before each action you need to enter your 2FA code.

I got so frustrated with npm at the end of last year that I wrote a whole guide covering that issue: https://npmdigest.com/guides/npm-trusted-publishing

1 comment

You’re right, but a colleague recently showed me this CLI for it: https://docs.npmjs.com/cli/v11/commands/npm-trust

Still needs to be published first, but looks like it automates all the annoying UI things you mentioned.

Oh that’s neat! Thank you for sharing!