notebook icon indicating copy to clipboard operation
notebook copied to clipboard
verified publisher icon jupyter

Use npm trusted publishers

Open jtpio opened this issue 2 months ago • 1 comments

Sibling issue: https://github.com/jupyterlab/jupyterlab/issues/17993

Proposed Solution

  • [x] On https://www.npmjs.com, for each package, set up the trusted publisher with the following information:
    • Organization or user*: jupyter
    • Repository*: notebook
    • Workflow filename*: publish-release.yml
    • Environment name: release
  • [ ] Wait for https://github.com/jupyterlab/maintainer-tools/pull/259 to be merged and released
    • [x] Use https://github.com/jupyter/notebook/pull/7749 while waiting for https://github.com/jupyter-server/jupyter_releaser/issues/617
  • [x] Delete the NPM_TOKEN secret from the repo
  • [x] Try make a new release: https://github.com/jupyter/notebook/actions/runs/18644636505/job/53149452930
  • [ ] Enable the strictest security option on npm: "Require two-factor authentication and disallow tokens (recommended)"
  • [ ] Remove jupyter-release-bot from the @jupyter-notebook org on npm

jtpio avatar Oct 14 '25 18:10 jtpio

https://github.com/jupyter/notebook/releases/tag/v7.5.0b1 was released with the npm trusted publishers:

Image

jtpio avatar Oct 20 '25 07:10 jtpio