npm-trusted-publishing
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends updating the package manager via npm install -g npm@latest. This is a standard procedure to ensure compatibility with OIDC and provenance features and targets the official npm registry.
- [EXTERNAL_DOWNLOADS]: References official documentation at docs.npmjs.org for verifying configuration requirements, which is a trusted service.
- [COMMAND_EXECUTION]: Provides YAML configuration snippets for GitHub Actions. These snippets correctly implement least-privilege security by requesting only the id-token: write permission necessary for OIDC authentication.
Audit Metadata