
60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
Sarah Gooding
August 8, 2025
npm has officially rolled out Trusted Publishing with OpenID Connect (OIDC) for all users, marking a significant milestone for JavaScript supply chain security. This authentication method eliminates the need for long-lived tokens in CI/CD workflows, replacing them with short-lived, cryptographically secured credentials that reduce the attack surface for package publishing.
The launch comes at a critical time for npm security. Just two weeks before this announcement, the JavaScript ecosystem faced a targeted supply chain attack where threat actors hijacked popular packages after compromising maintainer accounts through a phishing campaign. These attacks demonstrated the vulnerability of traditional token-based authentication methods and highlighted the urgent need for more secure publishing mechanisms.
npm joins a growing ecosystem of open source package registries implementing trusted publishing based on the OpenSSF Securing Software Repositories Working Group's recommendations. PyPI introduced Trusted Publishers in April 2023 and RubyGems added support in December 2023. Most recently, crates.io implemented trusted publishing in July 2025, demonstrating broad industry adoption of this security standard.
The appeal is clear: unlike a long-lived API token, a Trusted Publisher configuration ensures a package is coming from a specific CI system, workflow, hosted machine or build pipeline, which reduces the window for exfiltration and abuse. This addresses the management and protection of persistent credentials, one of the most stubborn security challenges in automated software delivery.
npm's implementation of Trusted Publishing introduces a number of security improvements, focusing on reducing token management risks and enhancing the verifiability of published packages:
Ephemeral credentials: Authentication tokens are short-lived and automatically expire, eliminating the risk of long-term credential compromise. Unlike traditional npm tokens that persist until manually revoked, OIDC tokens are valid only for the specific publishing operation.
Cryptographic trust: Each publish is authenticated using short-lived, workflow-specific credentials that cannot be exfiltrated or reused. The underlying OIDC standard provides cryptographic proof of the publisher's identity and authorization.
Automatic provenance: When using trusted publishing, npm CLI publishes provenance attestations by default. The --provenance flag is no longer needed. This means every package published via trusted publishing includes verifiable metadata about its source repository and build environment.
Zero secrets management: Publishers no longer need to generate, rotate, or store npm tokens in their CI environments. The trust relationship is established once through the npm web interface using only public information about the authorized workflow.
The initial release supports GitHub Actions and GitLab CI/CD workflows, covering the majority of JavaScript publishing workflows. This feature requires npm CLI v11.5.1 or later, ensuring compatibility with modern development environments.
The setup process requires a one-time configuration step on npmjs.com where maintainers specify which CI/CD workflows they trust for publishing. Once configured, the workflows can immediately begin publishing without any stored secrets.
For GitHub Actions, publishers configure their package to trust specific combinations of organization, repository, workflow file, and optionally an environment name. GitLab CI/CD follows a similar pattern with namespace, project, CI file path, and environment configuration.
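The trust match described above, and the short token lifetime from the feature list, sketched from the registry's side as an added example (not npm's code and not from the original article). The claim names are GitHub Actions OIDC token claims; the publisher record, the audience value, the sample claims and the function name are assumptions made for illustration, and signature verification against the issuer's keys is assumed to have already succeeded.

```javascript
// Added illustration, not npm's implementation: compare already
// signature-verified GitHub Actions OIDC claims with a trusted-publisher record.
const GITHUB_ISSUER = 'https://token.actions.githubusercontent.com';

// Hypothetical record, configured once in the registry UI (public info only).
const trustedPublisher = {
  owner: 'example-org',
  repository: 'example-lib',
  workflowFile: 'release.yml',
  environment: 'npm-publish', // optional; null accepts any environment
};

// Constructed sample claims, shaped like a GitHub Actions OIDC token payload.
const NOW = 1754000000; // fixed "current time" in seconds, for repeatability
const sampleClaims = {
  iss: GITHUB_ISSUER,
  aud: 'registry.example', // assumed audience value
  exp: NOW + 300,          // short-lived: five minutes
  repository: 'example-org/example-lib',
  workflow_ref:
    'example-org/example-lib/.github/workflows/release.yml@refs/tags/v1.2.3',
  environment: 'npm-publish',
};

// Returns { ok, reason }. Every configured field must match exactly.
function matchesTrustedPublisher(claims, cfg, expectedAudience, nowSec) {
  const fail = (reason) => ({ ok: false, reason });
  if (claims.iss !== GITHUB_ISSUER) return fail('unexpected issuer');
  if (claims.aud !== expectedAudience) return fail('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    return fail('token expired');
  }
  const repo = `${cfg.owner}/${cfg.repository}`;
  if (claims.repository !== repo) return fail('repository mismatch');
  // workflow_ref has the form owner/repo/.github/workflows/<file>@<git ref>
  const ref = String(claims.workflow_ref || '');
  const at = ref.indexOf('@');
  const path = at === -1 ? ref : ref.slice(0, at);
  if (path !== `${repo}/.github/workflows/${cfg.workflowFile}`) {
    return fail('workflow mismatch');
  }
  if (cfg.environment && claims.environment !== cfg.environment) {
    return fail('environment mismatch');
  }
  return { ok: true, reason: 'claims match trusted publisher' };
}
```

A token minted for any other repository, workflow file or environment fails the match, and a captured token stops being accepted once `exp` passes.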
npm plans to expand trusted publishing support to additional CI/CD providers and self-hosted runners. This roadmap suggests broader ecosystem support is coming, potentially including CircleCI, Jenkins, and other popular CI platforms.
Recent npm attacks have shown how compromised maintainer tokens can be weaponized to inject malware into popular packages.
Trusted publishing addresses these attack vectors by eliminating the persistent tokens that attackers seek to compromise. Even if a threat actor gains access to a maintainer's account, they cannot publish malicious packages without also compromising the specific CI/CD workflow environment, a significantly higher bar for attackers.
With PyPI, RubyGems, crates.io, and now npm offering trusted publishing, this authentication method is becoming the de facto standard for secure package publishing across programming ecosystems. The convergence around OpenSSF standards suggests that trusted publishing will soon be expected rather than exceptional among package registries.
For JavaScript developers and organizations, trusted publishing offers an immediate security upgrade with minimal operational overhead. Given the frequency and sophistication of recent npm supply chain attacks, migrating to this more secure authentication model should be a priority for any project publishing packages through CI/CD workflows.