Lets the package ship to npm without a local npm install: publish a GitHub
Release and CI runs `npm publish` using an NPM_TOKEN repo secret.

- .github/workflows/npm-publish.yml: triggers on release published (and manual
  dispatch), verifies the release tag matches package.json version, then
  publishes with provenance (id-token: write) to the public registry.

One-time setup by the maintainer: create an npm Automation token and add it as
the NPM_TOKEN repository secret. Documented in the workflow header.

Claude-Session: https://claude.ai/code/session_016JWn5jRD5tcEFKrubjQ6Px
Co-authored-by: Claude <noreply@anthropic.com>
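
The tag check the commit message describes could be written as a small Node gate that runs before `npm publish`. This is an added example, not code from this commit or from the project's workflow; the function name `checkReleaseTag`, the `--ci` flag and the optional leading `v` on tags are assumptions.

```javascript
// Added example: release-tag gate to run before `npm publish`.
// Assumptions: tags look like "1.2.3" or "v1.2.3"; the --ci flag is hypothetical.
const SEMVER = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function checkReleaseTag(ref, packageJsonText) {
  let pkg;
  try {
    pkg = JSON.parse(packageJsonText);
  } catch (err) {
    return { ok: false, reason: `package.json is not valid JSON: ${err.message}` };
  }
  const version = pkg && pkg.version;
  if (typeof version !== 'string' || !SEMVER.test(version)) {
    return { ok: false, reason: 'package.json has no valid "version" field' };
  }
  // Accept a bare tag name or a full ref, with an optional leading "v".
  const tag = String(ref || '').replace(/^refs\/tags\//, '').replace(/^v/, '');
  if (!SEMVER.test(tag)) {
    return { ok: false, reason: `release tag "${ref}" is not a semver version` };
  }
  // Exact string comparison: "1.2.3" must not match "1.2.3-beta.1" or "1.2.30".
  if (tag !== version) {
    return { ok: false, reason: `tag ${tag} does not match package.json version ${version}` };
  }
  return { ok: true, version };
}

async function main() {
  // Dynamic import keeps the file loadable as either CommonJS or ESM.
  const { readFile } = await import('node:fs/promises');
  const text = await readFile('package.json', 'utf8');
  // GITHUB_REF_NAME is set by GitHub Actions to the triggering tag or branch name.
  const result = checkReleaseTag(process.env.GITHUB_REF_NAME, text);
  if (!result.ok) {
    console.error(`Refusing to publish: ${result.reason}`);
    process.exit(1);
  }
  console.log(`Tag matches package.json version ${result.version}`);
}

if (process.argv.includes('--ci')) {
  main().catch((err) => { console.error(err); process.exit(1); });
}
```

On a manual dispatch from a branch, `GITHUB_REF_NAME` holds the branch name, so this gate fails closed rather than publishing an untagged version.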