lodestar icon indicating copy to clipboard operation
lodestar copied to clipboard
verified publisher icon ChainSafe

Migrate classic npm tokens on actions/workflows to OpenID Connect Auth

Open philknows opened this issue 3 months ago • 0 comments

As announced by NPM, they are requiring package maintainers to review CI/CD pipelines that use classic long-lived npm tokens. They will be revoking these for npm publishers soon and we'll need to migrate all of our repos to using trusted publishing for our Github actions.

This issue is to track migration of these repos to OIDC:

  • [ ] ChainSafe/benchmark
  • [ ] ChainSafe/biomejs-config
  • [ ] ChainSafe/bls
  • [x] ChainSafe/blst-ts
  • [ ] ChainSafe/bun-ffi-z
  • [ ] ChainSafe/discv5
  • [x] ChainSafe/hashtree-js
  • [ ] ChainSafe/is-ip
  • [ ] ChainSafe/js-libp2p-gossipsub
  • [x] ChainSafe/js-libp2p-noise
  • [x] ChainSafe/js-libp2p-yamux
  • [ ] ChainSafe/libp2p-quic
  • [ ] ChainSafe/lodestar
  • [ ] ChainSafe/node-prometheus-gc-stats
  • [ ] ChainSafe/pubkey-index-map
  • [ ] ChainSafe/ssz
  • [x] ChainSafe/swap-or-not-shuffle
  • [x] ChainSafe/xdelta3-node

philknows avatar Oct 16 '25 17:10 philknows