nodejs-npm-auto-release
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a standardized GitHub Actions workflow that utilizes official actions from the 'actions' organization (actions/checkout and actions/setup-node) for environment setup and repository interaction.
- [SAFE]: It employs GitHub Secrets (${{ secrets.NPM_TOKEN }}) for npm authentication, which is the recommended method for preventing credential exposure in CI/CD pipelines.
- [SAFE]: The template includes a .npmignore configuration that proactively excludes sensitive files such as .env, along with build-time dependencies (node_modules), significantly reducing the risk of accidental data leakage during the npm publication process.