Conversation

@ElMaxter99
Owner

Summary

  • add a GitHub Actions workflow that installs dependencies, runs tests, and publishes to npm whenever a v* tag is pushed or the job is manually dispatched
  • remove the local postversion publish script and document the new release flow in the README

Testing

  • npm test

https://chatgpt.com/codex/tasks/task_e_6901eade197483258a6e5efd535a81bc

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.


Comment on lines +15 to +18

```yaml
    env:
      NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
    steps:
      - name: Checkout repository
```


P1: Scope npm token to publish step

NODE_AUTH_TOKEN is configured at the job level, which means the secret is passed to npm ci and npm test as well as the publish step. Any dependency install script or test code could print or exfiltrate the token, giving the secret to untrusted code when the workflow runs. For least privilege, set the environment variable only on the Publish package step (or use actions/setup-node with token) so that only the actual publish command receives the secret.

Useful? React with 👍 / 👎.
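The scoping the review asks for, written out as an added example workflow; this is illustrative and not the PR's own file, and the job name, action versions, step names beyond those quoted, and the Node version are assumptions:

```yaml
name: Publish to npm
on:
  push:
    tags: ['v*']        # release when a v* tag is pushed, as in the PR summary
  workflow_dispatch:    # or when the job is manually dispatched

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read    # GITHUB_TOKEN needs nothing more for this job
    # BEFORE (the flagged pattern): a job-level block such as
    #   env:
    #     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
    # hands the token to every step, including `npm ci` and `npm test`,
    # so any install script or test code could read it.
    # AFTER: no job-level env; the secret is set on the publish step only.
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          # Writes an .npmrc that resolves the auth token from the
          # NODE_AUTH_TOKEN variable at run time, so the real secret is only
          # read by the step that actually exports it.
          registry-url: 'https://registry.npmjs.org'

      - name: Install dependencies
        run: npm ci          # no npm token in this step's environment

      - name: Run tests
        run: npm test        # likewise, test code cannot see the secret

      - name: Publish package
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # only this step receives it
        run: npm publish
```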

@ElMaxter99 ElMaxter99 merged commit 04fa102 into master Oct 29, 2025
13 checks passed
@ElMaxter99 ElMaxter99 deleted the alvaromaxter/add-npm-publish-on-tag-creation branch October 29, 2025 10:49