RSS

NPM staged publishing setup with approximately one click per package

naugtur2 pts0 comments

One click OIDC Staging setup for NPM

Installation:

Drag this button to your bookmarks bar to save it as a bookmarklet:

STAGE!

Usage:

Go to your package as a privileged user and click the bookmark. All you need to do is enter 2fa. You'll be asked for the workflow name once per repository.

Environment is hardcoded to "npm" so use that for environment name in github.

It's not a browser driver, so it can't steal your session or your 2fa token - this code is garbage collected<br>before you navigate away to the 2FA screen.

It's not an extension, so it can't get updated with malware.

You can inspect all the code if you want.

🌋 Brought to you by LavaMoat

click setup package name environment code

Related Articles

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini

Agent Memory: An Anatomy

brgsk17 ptsmemory library user agent semantic libraries

SpaceX not the behemoth everyone thought

kaycebasques13 pts_blockquote instagram data vars text media

The Mirror Is Part of the Machine

london_safari10 ptstelemetry mirror decision logs enough time
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.