From d1b0f014d2c5ae448447b5a62808f5439a3fe7c0 Mon Sep 17 00:00:00 2001
From: OneSignal <noreply@onesignal.com>
Date: Tue, 24 Mar 2026 17:58:21 +0000
Subject: [PATCH] chore: add a `repository` field to package.json for npm's
 provenance verification

---
 .github/workflows/release.yml | 1 -
 package.json                  | 4 ++++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6e37a26..9188648 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,7 +31,6 @@ jobs:
       - name: Publish to NPM and Create GitHub Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           npx -p semantic-release \
               -p @semantic-release/changelog \
diff --git a/package.json b/package.json
index 2820c98..dbfe7d5 100644
--- a/package.json
+++ b/package.json
@@ -11,6 +11,10 @@
   ],
   "license": "MIT",
   "homepage": "https://github.com/OneSignal/onesignal-node-api",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/OneSignal/onesignal-node-api"
+  },
   "main": "./dist/index.js",
   "type": "commonjs",
   "exports": {