Fix npm security vulnerabilities (#19) #22

	name: CI

	on:
	push:
	branches: main
	tags:
	- "v*"
	pull_request:
	branches: "**"

	jobs:
	all:
	name: all
	runs-on: ubuntu-latest

	permissions:
	contents: read
	# https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions
	id-token: write

	steps:
	- uses: actions/checkout@v6

	- uses: actions/setup-node@v6
	with:
	registry-url: https://registry.npmjs.org

	- run: npm install

	- run: npm run build

	- name: Publish to NPM
	if: ${{ startsWith(github.ref, 'refs/tags/v') }}
	run: npx npm@11.7.0 publish --provenance --access public

Provide feedback