From 22eb1239154f3716e6c5a1d82b129c3eddba5683 Mon Sep 17 00:00:00 2001 From: marcomariscal <42938673+marcomariscal@users.noreply.github.com> Date: Mon, 20 Apr 2026 11:30:42 -0700 Subject: [PATCH 1/2] fix: remove recursive publish script --- RELEASING.md | 1 + package.json | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/RELEASING.md b/RELEASING.md index 5bb579c..d522692 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -17,6 +17,7 @@ - Publishing is handled by GitHub Actions via `.github/workflows/publish.yml`. - npm publishing uses trusted publishing with GitHub OIDC; no long-lived npm token or PAT is required. +- Do not define an npm `publish` lifecycle script that calls `npm publish`; use a non-lifecycle script name such as `publish:manual` for manual local publishing helpers. - The publish job runs in the `npm-release` GitHub environment. - `package.json` must include a `repository.url` that exactly matches `https://github.com/ScopeLift/stealth-address-sdk`. - The npm package's trusted publisher settings must exactly match `ScopeLift/stealth-address-sdk`, workflow `publish.yml`, and environment `npm-release`. diff --git a/package.json b/package.json index a83e65a..da82c33 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "watch": "bun test --watch src", "check": "biome check .", "fix": "biome check --apply .", - "publish": "bun run build && npm publish --access public" + "publish:manual": "bun run build && npm publish --access public --tag latest" }, "devDependencies": { "@biomejs/biome": "1.6.4", From 9dfde4148f31fbde4083a83d09f9614ee6bd4500 Mon Sep 17 00:00:00 2001 From: marcomariscal <42938673+marcomariscal@users.noreply.github.com> Date: Mon, 20 Apr 2026 11:55:00 -0700 Subject: [PATCH 2/2] fix: remove manual publish helper --- RELEASING.md | 2 +- package.json | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/RELEASING.md b/RELEASING.md index d522692..56c7ee4 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -17,7 +17,7 @@ - Publishing is handled by GitHub Actions via `.github/workflows/publish.yml`. - npm publishing uses trusted publishing with GitHub OIDC; no long-lived npm token or PAT is required. -- Do not define an npm `publish` lifecycle script that calls `npm publish`; use a non-lifecycle script name such as `publish:manual` for manual local publishing helpers. +- Do not define package publish scripts in `package.json`; publish to npm only through the GitHub Actions workflow. - The publish job runs in the `npm-release` GitHub environment. - `package.json` must include a `repository.url` that exactly matches `https://github.com/ScopeLift/stealth-address-sdk`. - The npm package's trusted publisher settings must exactly match `ScopeLift/stealth-address-sdk`, workflow `publish.yml`, and environment `npm-release`. diff --git a/package.json b/package.json index da82c33..206a0ac 100644 --- a/package.json +++ b/package.json @@ -32,8 +32,7 @@ "build": "bun run check && bun tsc", "watch": "bun test --watch src", "check": "biome check .", - "fix": "biome check --apply .", - "publish:manual": "bun run build && npm publish --access public --tag latest" + "fix": "biome check --apply ." }, "devDependencies": { "@biomejs/biome": "1.6.4",