Replace npm token auth with OIDC trusted publishing

.github/workflows/ci.yml

@@ -2,6 +2,7 @@ name: CI
 permissions:
   contents: write
   pull-requests: write
+  id-token: write
 on:
   push:
     branches:
@@ -19,6 +20,7 @@ jobs:
         node-version:
           - 20.x
           - 22.x
+          - 24.x
     steps:
       - uses: actions/checkout@v6
       - name: Use Node.js ${{ matrix.node-version }}
@@ -30,7 +32,7 @@ jobs:
       - run: npm run build
       - run: npm run doc
       - name: Save build
-        if: matrix.node-version == '20.x'
+        if: matrix.node-version == '24.x'
         uses: actions/upload-artifact@v6
         with:
           name: build
@@ -67,39 +69,40 @@ jobs:
   npm-publish-build:
     needs: build
     runs-on: ubuntu-latest
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     steps:
       - uses: actions/download-artifact@v7
         with:
           name: build
       - uses: actions/setup-node@v6
         with:
-          node-version: 20.x
+          node-version: 24.x
+          registry-url: 'https://registry.npmjs.org'
       - uses: rlespinasse/github-slug-action@v4.x
       - name: Append commit hash to package version
         run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json'
       - name: Disable pre- and post-publish actions
         run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
-      - uses: JS-DevTools/npm-publish@v4.1.2
-        if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
-        with:
-          token: ${{ secrets.NPM_TOKEN }}
-          tag: ${{ env.GITHUB_REF_SLUG }}
+      - name: Check npm version
+        run: npm --version
+      - name: Publish to npm
+        run: npm publish --tag ${{ env.GITHUB_REF_SLUG }}
 
   npm-publish-latest:
     needs: [build, npm-publish-build]
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
+    if: github.ref == 'refs/heads/main' && github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     steps:
       - uses: actions/download-artifact@v7
         with:
           name: build
       - uses: actions/setup-node@v6
         with:
-          node-version: 20.x
+          node-version: 24.x
+          registry-url: 'https://registry.npmjs.org'
       - name: Disable pre- and post-publish actions
         run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
-      - uses: JS-DevTools/npm-publish@v4.1.2
-        if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' 
-        with:
-          token: ${{ secrets.NPM_TOKEN }}
-          tag: latest
+      - name: Check npm version
+        run: npm --version
+      - name: Publish to npm
+        run: npm publish

package.json

@@ -42,7 +42,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/solidos/solid-ui.git"
+    "url": "https://github.com/solidos/solid-ui"
   },
   "keywords": [
     "solid",