npm-trusted-publishing

Enables automated npm package publishing via GitHub Actions with OIDC trusted publishing and provenance configuration.

Install this skill

92/100

Security score

The npm-trusted-publishing skill was audited on Jun 5, 2026 and we found 4 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 161

Template literal with variable interpolation in command context

SourceSKILL.md

161

```yaml

low line 25

External URL reference

SourceSKILL.md

25	1. Go to https://www.npmjs.com/settings/

low line 88

External URL reference

SourceSKILL.md

88	registry-url: 'https://registry.npmjs.org'

low line 176

External URL reference

SourceSKILL.md

176	\| `ENEEDAUTH` \| No `registry-url` in setup-node \| Add `registry-url: 'https://registry.npmjs.org'` \|

Scanned on Jun 5, 2026

View Security Dashboard

Installation guide →

GitHub Stars 7

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

frontend git testing devops backend-developer devops-sre growth-pm github development product

v1truv1us/ai-eng-system