From ea21196cf1203514f280208f1f851c93acf9797e Mon Sep 17 00:00:00 2001
From: Kieran Klaassen <kieranklaassen@gmail.com>
Date: Mon, 2 Mar 2026 21:17:28 -0800
Subject: [PATCH] fix(release): harden semantic-release publishing

---
 .github/workflows/publish.yml |  2 ++
 .releaserc.json               | 16 +++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index f10ba40..09c85c9 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -39,8 +39,10 @@ jobs:
         with:
           # npm trusted publishing requires Node 22.14.0+.
           node-version: "24"
+          registry-url: "https://registry.npmjs.org"
 
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: npx semantic-release
diff --git a/.releaserc.json b/.releaserc.json
index 907b41f..4cec882 100644
--- a/.releaserc.json
+++ b/.releaserc.json
@@ -2,5 +2,19 @@
   "branches": [
     "main"
   ],
-  "tagFormat": "v${version}"
+  "tagFormat": "v${version}",
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/npm",
+    [
+      "@semantic-release/github",
+      {
+        "successComment": false,
+        "failComment": false,
+        "labels": false,
+        "releasedLabels": false
+      }
+    ]
+  ]
 }