From 686702750067b46a0cef31f019780d3e36196bf8 Mon Sep 17 00:00:00 2001
From: timo <22354443+tnkuehne@users.noreply.github.com>
Date: Mon, 1 Dec 2025 23:44:15 +0100
Subject: [PATCH] ci: generate provenance statement on release to increase
 security

---
 .github/workflows/release.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9ea9a57..df828a6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,6 +2,7 @@ name: Release
 
 permissions:
   contents: write
+  id-token: write
 
 on:
   push:
@@ -37,6 +38,6 @@ jobs:
       - name: Publish to npm
         run: |
           npm config set //registry.npmjs.org/:_authToken=$NPM_TOKEN
-          npm publish
+          npm publish --provenance
         env:
           NPM_TOKEN: ${{secrets.NPM_TOKEN}}
\ No newline at end of file