npm trusted publishing now supports CircleCI as an OIDC provider, joining GitHub Actions and GitLab CI/CD. Maintainers publishing from CircleCI workflows can now eliminate stored credentials entirely and authenticate directly through their CI/CD pipeline.

With this expansion, trusted publishing now covers a large majority of npm publishers by CI provider. Configuration is available through the npm website and the npm trust CLI command. See the trusted publishing documentation for setup instructions.

We’re also shipping dark mode for the npmjs.com website, one of the most requested features from the community. Our team built this using GitHub Copilot agent mode, allowing us to deliver it with minimal engineering time beyond final review and shipping. Our focus remains on strengthening npm security and enhancing maintainer agency over the packages they publish.

To share feedback or ask questions, join the community discussion.