@gerdloos/npm-trusts-github-skill

A skill that teaches an LLM how to set up and/or use npm trusted publishing (OIDC) with GitHub Actions. No long-lived tokens, no 2FA prompts, no manual rotation.

Install @gerdloos/npm-trusts-github-skill from npm and Pi will load the resources declared by the package manifest.

$ pi install npm:@gerdloos/npm-trusts-github-skill
Package: @gerdloos/npm-trusts-github-skill
Version: 1.1.0
Published: Jun 1, 2026
Downloads: 604/mo · 24/wk
Author: gerdloos
License: MIT
Types: skill
Size: 103.1 KB
Dependencies: 0 dependencies · 0 peers
Pi manifest JSON
{
  "skills": [
    "./skills"
  ]
}

Security note

Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.

README

Sets up the npm-trusts-github skill

⚠️ ALPHA SOFTWARE — This package is under active development. APIs, skill structure, and behavior may change without notice.

Built with DeepSeek V4 Pro in Pi

For users: You can also run the scripts in this skill directly without an LLM. Manuals are in references/for-user/. Read start-here.md.

What it provides

The LLM can set up the folder you want to publish, reuse previous configs, help you apply trust on npm, diagnose failures, and troubleshoot errors.

Install on Pi

pi install npm:@gerdloos/npm-trusts-github-skill

Usage — with an LLM

In Pi: /skill:npm-trusts-github

The skill lets the LLM use scripts and postpones full skill discovery. This keeps the LLM from reading files and reference documents too soon; instead, the scripts provide information in structured form. The context window stays lean and the LLM does not burn tokens.

The skill provides the LLM with scripts that perform environment checks, scaffold project files, detect existing configurations, validate and push tags, and diagnose failures. Each script can output its findings either in human-readable form or as JSON (the default) for the LLM to parse.

The diagnose script in particular tries to postpone LLM initiative. It should be very good at pointing to where to look.