Skip to content

Migrate classic npm tokens on actions/workflows to OpenID Connect Auth #8544

New issue
New issue
Open
Open
Migrate classic npm tokens on actions/workflows to OpenID Connect Auth#8544
Assignees
kalambetphilknows
Labels
epicIssues used as milestones and tracking multiple issues.meta-pmIssues relating to Project Management tasks.
@philknows

Description

@philknows
philknows
opened on Oct 16, 2025

As announced by NPM, they are requiring package maintainers to review CI/CD pipelines that use classic long-lived npm tokens. They will be revoking these for npm publishers soon and we'll need to migrate all of our repos to using trusted publishing for our Github actions.

This issue is to track migration of these repos to OIDC:

  • ChainSafe/benchmark
  • ChainSafe/biomejs-config
  • ChainSafe/bls
  • ChainSafe/blst-ts
  • ChainSafe/bun-ffi-z
  • ChainSafe/discv5
  • ChainSafe/hashtree-js
  • ChainSafe/is-ip
  • ChainSafe/js-libp2p-gossipsub
  • ChainSafe/js-libp2p-noise
  • ChainSafe/js-libp2p-yamux
  • ChainSafe/libp2p-quic
  • ChainSafe/lodestar
  • ChainSafe/node-prometheus-gc-stats
  • ChainSafe/pubkey-index-map
  • ChainSafe/ssz
  • ChainSafe/swap-or-not-shuffle
  • ChainSafe/xdelta3-node

Metadata

Metadata

Assignees

Labels

epicIssues used as milestones and tracking multiple issues.meta-pmIssues relating to Project Management tasks.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions