From a33d8400e5ae582e7439a46c287f5ba04696c811 Mon Sep 17 00:00:00 2001 From: Nathan Totten Date: Tue, 14 Apr 2026 18:16:02 -0400 Subject: [PATCH 1/2] Replace GH_NPM_PACKAGE_READ_TOKEN with native GITHUB_TOKEN Use GitHub's native package access grants instead of a shared PAT for installing private @zuplo npm packages. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/dependabot.yml | 2 +- .github/workflows/main.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fbfe454..900eb1d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,7 +7,7 @@ registries: npm-github: type: npm-registry url: https://npm.pkg.github.com - token: ${{secrets.GH_NPM_PACKAGE_READ_TOKEN}} + token: ${{secrets.GITHUB_TOKEN}} updates: # Maintain dependencies for GitHub Actions diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 5200b59..0a38484 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -22,7 +22,7 @@ jobs: - run: npm install env: - GITHUB_NPM_TOKEN: ${{ secrets.GH_NPM_PACKAGE_READ_TOKEN }} + GITHUB_NPM_TOKEN: ${{ github.token }} - run: npm run build env: From f40a3b5decd81668b32cca49fe7b88c6be39c241 Mon Sep 17 00:00:00 2001 From: Nathan Totten Date: Wed, 15 Apr 2026 08:25:42 -0400 Subject: [PATCH 2/2] Add packages: read permission to workflow jobs Required for GITHUB_TOKEN to access private @zuplo npm packages when explicit permissions are set on the job. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/main.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 0a38484..83caed1 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -7,6 +7,7 @@ jobs: runs-on: ubuntu-latest permissions: + packages: read id-token: "write" contents: "read"