Npm Trusted Publishing
Ensures npm packages adhere to security best practices & guidelines, boosting developer trust and reducing vulnerabilities.
Install on your platform
We auto-selected Claude Code based on this skill’s supported platforms.
Run in terminal (recommended)
claude mcp add npm-trusted-publishing npx -- -y @trustedskills/npm-trusted-publishing
Or manually add to ~/.claude/settings.json
{
  "mcpServers": {
    "npm-trusted-publishing": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/npm-trusted-publishing"
      ]
    }
  }
}
Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
What it does
This skill lets an AI agent publish packages to the npm registry through npm Trusted Publishing. With trusted publishing, the registry accepts a release from a specific, pre-registered CI/CD workflow (identified by the short-lived OIDC token the CI provider issues to that job) instead of from a long-lived npm access token held by a person or stored as a secret. You configure which publishers (workflows) are authorized to publish a package, so a leaked token or a compromised maintainer account cannot be used to push a release from anywhere else. This is particularly useful for organizations that want tighter control over their published artifacts.
When to use it
- Secure Package Publishing: When an organization needs to restrict who can publish npm packages.
- Automated CI/CD Pipelines: Integrate with automated build systems to ensure only authorized publishers can release new versions.
- Internal Registry Management: Control publishing access within a private or internal npm registry environment.
- Preventing Malicious Packages: Limit the risk of compromised accounts publishing malicious packages.
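As an added illustration of the CI/CD case above (this is not code from the skill or from TrustedSkills), here is the shape of a GitHub Actions workflow that publishes via npm Trusted Publishing. It assumes the package's trusted publisher on npmjs.com has been registered as this repository, workflow file `publish.yml`, and environment `release`; the Node version and the `release` environment name are assumptions, and the package itself is hypothetical.

```yaml
# .github/workflows/publish.yml
# Added example, not part of the skill's own code. Assumes the npm trusted
# publisher for the package is configured as: this repository, workflow
# file "publish.yml", environment "release" (all assumptions).
name: publish

on:
  release:
    types: [published]

permissions:
  contents: read
  # id-token: write lets the job request an OIDC token; the npm CLI exchanges
  # it with the registry for a short-lived publish credential. Nothing else
  # in this workflow is granted.
  id-token: write

jobs:
  publish:
    runs-on: ubuntu-latest
    # Must match the environment entered in the trusted-publisher settings,
    # if one was set there; a mismatch makes the registry reject the publish.
    environment: release
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      # Trusted publishing needs npm CLI 11.5.1 or newer; the npm bundled
      # with the runner's Node may be older, so upgrade explicitly.
      - run: npm install -g npm@latest
      - run: npm ci
      - run: npm test
      # Note what is absent: no NPM_TOKEN / NODE_AUTH_TOKEN secret. The
      # registry authenticates the workflow identity, not a stored token.
      - run: npm publish --access public
```

Two practitioner notes. First, the OIDC token only exists inside this CI job, so trusted publishing cannot be used to publish from a developer laptop or from an agent running outside the registered workflow; that restriction is the whole point. Second, in a real pipeline pin `actions/checkout` and `actions/setup-node` to full commit SHAs rather than the `@v4` tags used here, since an action tag is a mutable pointer. On the consuming side, `npm audit signatures` checks the registry signatures and provenance attestations of installed packages.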
Key capabilities
- Trusted Publishing configuration
- Package publication authorization
- Registry access control
Example prompts
- "Publish this package to npm, ensuring only authorized publishers can do so."
- "Verify that my team members are listed as trusted publishers for our project's registry."
- "What is the current list of trusted publishers configured for this npm scope?"
Tips & gotchas
This skill requires an npm registry with Trusted Publishing enabled and a trusted publisher already registered for the package (for npmjs.com that means a GitHub Actions or GitLab CI/CD workflow, identified by repository and workflow file). Make sure you have permission to manage trusted publishers for the package or scope. Because the registry authenticates the CI job's OIDC identity, publishing only works from inside the registered workflow; the skill cannot publish from a local machine, and the npm CLI in the job must be 11.5.1 or newer. Note also that the install command above runs `npx -y` on an unpinned package name, so which build of the MCP server you get depends on what the registry (and your npx cache) serve at launch time; pin an exact version if you want the commit-level pinning described under TrustedSkills Verification to hold end to end.
Tags
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.
Security Audits
| Scanner | Result |
|---|---|
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
🌐 Community
Passed automated security scans.