ci: Migrate package publishing from GitHub Packages to npmjs.org. #7
Walkthrough
This change updates the release pipeline to publish packages directly to the public npm registry using pnpm. It switches authentication from GitHub’s token to an explicit
Sequence
sequenceDiagram
participant Dev as Developer
participant GH as GitHub Actions
participant NPM as npmjs.org Registry
Dev->>GH: Trigger release workflow
GH->>GH: Install deps & build
GH->>NPM: Authenticate with NPM_TOKEN
GH->>NPM: pnpm publish --no-git-checks --access public
Changes
📋 Detailed File Changes
📊 Changes by Category (1 groups)
🔧 npm Release Publishing Workflow
Updates the GitHub Actions release pipeline to publish the package to the public npm registry (registry.npmjs.org) using pnpm publish with appropriate flags.
Codecov Report
✅ All modified and coverable lines are covered by tests.
Files selected (1)
- .github/workflows/release.yml (2)
Files ignored due to filter (1)
- package.json
Review comments generated (1)
- Review: 1
- LGTM: 0
Additional findings (outside changed lines) (1)
These were referenced by the model but are outside the PR diff hunks, so they cannot be posted as inline review comments.
.github/workflows/release.yml:3-39 [high] 💻 Syntax: YAML indentation error will break setup-node inputs (registry-url is misindented)
registry-url is not aligned under with:, so GitHub Actions will ignore it or fa...
| exit 1 | ||
| fi | ||
|
|
||
| - name: Publish to GitHub Packages | ||
| run: | | ||
| pnpm config set //npm.pkg.github.com/:_authToken ${{ secrets.GITHUB_TOKEN }} | ||
| pnpm publish --no-git-checks | ||
| - name: Publish to npm | ||
| run: pnpm publish --no-git-checks --access public | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
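Review bot: the "Publish to npm" step now authenticates through NODE_AUTH_TOKEN alone, because the explicit `pnpm config set //npm.pkg.github.com/:_authToken` line is gone and nothing in this hunk writes a registry entry for npmjs.org. That variable only takes effect when an .npmrc references it, which actions/setup-node writes when `registry-url` is set, so confirm the setup-node step earlier in the job points `registry-url` at https://registry.npmjs.org. Separately, `--no-git-checks` turns off pnpm's clean-tree and branch checks, so the workflow trigger should restrict this step to the release tag or branch if it does not already, and NPM_TOKEN is best created as a publish-only token scoped to this package.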
🟠 High
💻 Syntax: YAML indentation error will prevent env from applying to the publish step
env: is indented under run: instead of being a sibling key, so NODE_AUTH_TOKEN won’t be set and pnpm publish will fail with an auth error.
- - name: Publish to npm
- run: pnpm publish --no-git-checks --access public
- env:
- NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+ - name: Publish to npm
+ run: pnpm publish --no-git-checks --access public
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
🤖 AI Fix Prompt
Fix the YAML syntax/indentation issue in .github/workflows/release.yml at line 47-53
What’s wrong and why it matters:
The Publish to npm step has `env:` indented under `run:` instead of being a sibling key at the step level. In GitHub Actions YAML, `run` is a scalar string and cannot contain nested keys. Because of this, `NODE_AUTH_TOKEN` will not be applied to the step environment, and `pnpm publish` will fail with an npm authentication error (missing/invalid token). This breaks releases.
What the fix should do:
Move `env:` so it is aligned with `run:` (same indentation level) within the “Publish to npm” step, and ensure `NODE_AUTH_TOKEN` is set from `${{ secrets.NPM_TOKEN }}`. Confirm the step remains a single list item under `steps:` and that indentation matches other steps in the job.
Reference in codebase:
Use any other step in this workflow (or other workflows under .github/workflows/) that correctly defines `env:` as a sibling of `run:` or `uses:` as the indentation reference.
Files that might be affected:
.github/workflows/release.yml
Optionally check other workflow files under .github/workflows/ for similar `env` indentation mistakes, but only change them if they are actually incorrect.
Requirements:
- Update only the indentation/structure; do not change the publish command or token name unless required for correctness
- Ensure `env:` is a sibling of `run:` for the Publish to npm step
- Validate the workflow YAML is syntactically valid after the change
- Keep `NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}` exactly under `env:` with correct indentation