@sendoutcards/quantum-design-ui 2.0.0-canary.1 → 2.0.0-canary.2

package/README.md

@@ -10,14 +10,14 @@ We use [semantic-release](https://semantic-release.gitbook.io/) to automate vers
 
 | Branch   | Purpose                 | npm Tag  | Example Version  |
 | -------- | ----------------------- | -------- | ---------------- |
-| `main`   | Stable releases         | `latest` | `2.0.0`, `2.1.0` |
+| `master` | Stable releases         | `latest` | `2.0.0`, `2.1.0` |
 | `canary` | Prerelease/alpha builds | `canary` | `2.1.0-canary.1` |
 
 ## How It Works
 
 ### Automatic Releases
 
-When code is merged to `main` or `canary`, the CI pipeline:
+When code is merged to `master` or `canary`, the CI pipeline:
 
 1. Checks out the code
 2. Installs dependencies
@@ -100,14 +100,14 @@ npm install @sendoutcards/quantum-design-ui@canary
 
 ### Stable Release
 
-1. Open a PR from `canary` to `main`
+1. Open a PR from `canary` to `master`
 2. On merge, a stable release is automatically published
 
 ### Hotfix
 
-1. Create a branch from `main`
+1. Create a branch from `master`
 2. Make the fix with conventional commit messages
-3. Open a PR directly to `main`
+3. Open a PR directly to `master`
 4. On merge, a patch release is automatically published
 
 ## Manual Version Override
@@ -123,31 +123,50 @@ If you need to force a specific version (rare):
 
 ## Setup Requirements
 
-### GitHub Secrets
+### npm Authentication (Trusted Publishing)
 
-The following secrets must be configured in the repository:
+This repository uses **npm Trusted Publishing** via OpenID Connect (OIDC) for secure, token-free publishing. This eliminates the need for long-lived npm tokens that require manual rotation.
 
-| Secret         | Description                               |
-| -------------- | ----------------------------------------- |
-| `NPM_TOKEN`    | npm access token with publish permissions |
-| `GITHUB_TOKEN` | Automatically provided by GitHub Actions  |
+For more information, see the [npm Trusted Publishing documentation](https://docs.npmjs.com/trusted-publishers).
 
-### Creating an npm Token
+#### How It Works
+
+1. The GitHub Actions workflow requests an OIDC token from GitHub
+2. npm verifies the token came from our authorized repository and workflow
+3. npm allows the publish without any stored secrets
+
+#### GitHub Secrets
+
+| Secret         | Description                              |
+| -------------- | ---------------------------------------- |
+| `GITHUB_TOKEN` | Automatically provided by GitHub Actions |
+
+**Note:** No `NPM_TOKEN` is required. Authentication is handled automatically via OIDC.
+
+#### Trusted Publisher Configuration (npmjs.com)
+
+The trusted publisher is configured on npmjs.com with these settings:
+
+| Field             | Value                   |
+| ----------------- | ----------------------- |
+| Organization      | `SendOutCards`          |
+| Repository        | `quantum-design-system` |
+| Workflow filename | `release.yml`           |
+| Environment       | (none)                  |
+
+To modify the trusted publisher configuration:
 
 1. Go to [npmjs.com](https://www.npmjs.com/) and log in
-2. Click your profile icon > Access Tokens
-3. Generate New Token > Classic Token
-4. Select "Automation" type
-5. Copy the token
-6. Add it to GitHub: Repository Settings > Secrets and variables > Actions > New repository secret
-7. Name: `NPM_TOKEN`, Value: (paste token)
+2. Navigate to the package settings for `@sendoutcards/quantum-design-ui`
+3. Find the "Trusted Publisher" section
+4. Update the GitHub Actions configuration as needed
 
 ## Troubleshooting
 
 ### Release didn't trigger
 
 - Ensure commits follow conventional commit format
-- Check that the branch is `main` or `canary`
+- Check that the branch is `master` or `canary`
 - Verify the CI workflow completed successfully
 
 ### Version wasn't bumped
@@ -157,9 +176,11 @@ The following secrets must be configured in the repository:
 
 ### npm publish failed
 
-- Verify `NPM_TOKEN` is set correctly in GitHub Secrets
-- Check that the token has publish permissions
+- Verify the trusted publisher is configured correctly on npmjs.com
+- Ensure the workflow filename matches exactly (`release.yml`)
+- Check that `id-token: write` permission is set in the workflow
 - Ensure the package name is available on npm
+- See [npm Trusted Publishing troubleshooting](https://docs.npmjs.com/trusted-publishers#troubleshooting)
 
 ## Configuration Files
 

package/dist/index.js

@@ -12,7 +12,7 @@ import { EyeDropper as Gt } from "react-eyedrop";
 import { useDropzone as Pt } from "react-dropzone";
 import Ot from "react-infinite-scroll-component";
 import Ut from "react-parallax-tilt";
-const D = (o) => {
+import './index.css';const D = (o) => {
   const t = E(o).hsl(), a = Math.round(t.array()[0]), r = Math.round(t.array()[1]), i = Math.round(t.array()[2]), n = E.hsl([a, r, i]).toString(), c = Qt(a, r, Xt(i));
   return Yt(c, n);
 }, Qt = (o, t, a) => a.map((i) => E.hsl([o, t, i]).toString()), Xt = (o) => {

package/package.json

@@ -1,17 +1,19 @@
 {
   "name": "@sendoutcards/quantum-design-ui",
-  "version": "2.0.0-canary.1",
+  "version": "2.0.0-canary.2",
   "type": "module",
   "description": "UI component library for Quantum Design System",
   "module": "dist/index.js",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
+  "style": "dist/index.css",
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js",
       "require": "./dist/index.js"
-    }
+    },
+    "./style.css": "./dist/index.css"
   },
   "author": "nickqweaver",
   "license": "MIT",
@@ -94,7 +96,8 @@
     "ts-jest": "^29.1.2",
     "typescript": "^5.7.3",
     "vite": "^6.0.7",
-    "vite-plugin-dts": "^4.5.4"
+    "vite-plugin-dts": "^4.5.4",
+    "vite-plugin-lib-inject-css": "^2.1.0"
   },
   "overrides": {
     "webpack": "5.98.0"