Update the workflow to use trusted publishing

Author: IlyaKhD

.github/workflows/publish.yml

@@ -13,6 +13,9 @@ on:
         default: false
         description: Dry run
 
+permissions:
+  id-token: write  # Required for OIDC (Trusted Publishing)
+  contents: read
 
 jobs:
   publish:
@@ -26,10 +29,14 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '18'
+          node-version: '24'
           cache: 'npm'
           registry-url: 'https://registry.npmjs.org'
 
+      # npm version 11.5.1 or later is required to use Trusted Publishing
+      - name: NPM Version
+        run: npm --version
+
       - name: Install dependencies
         run: npm ci
 
@@ -58,11 +65,10 @@ jobs:
 
       - name: Publish to NPM
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
           DRY_RUN: "${{ inputs.dry-run }}"
         run: |
           if [ "$DRY_RUN" = true ]; then
-            echo "npm publish --dry-run"
+            npm publish --dry-run
           else
-            echo "npm publish"
+            npm publish
           fi