Spotted by Copilot in PR #92 — the publish workflow (publish.yml) uses npm install instead of npm ci for its "Clean install" step (line 54).
In CI/publish pipelines, npm ci is preferred because it:
- Ensures deterministic installs from the lockfile
- Prevents accidental lockfile drift
- Fails fast if package-lock.json is out of sync with package.json
- Is faster (deletes node_modules and does a clean install)
The CI workflow (ci.yml) already uses npm ci correctly in both jobs.
Fix: Change npm install → npm ci in .github/workflows/publish.yml, line 54.
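One way to catch this kind of regression automatically, as an added example (not code from the repository or the PR): a small Node.js check that scans workflow text for `npm install` run without package arguments. The sample workflow, `findBareNpmInstall` and the other names are constructed for illustration.

```javascript
// Constructed sample resembling the publish workflow described above (not the real file).
const SAMPLE_PUBLISH_YML = `name: Publish
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Clean install
        run: npm install
      - name: Build
        run: |
          npm ci
          npm run build
      - name: Global tool
        run: npm install -g some-tool
`;

// Split one shell line into individual commands on &&, ||, ; and |.
function splitCommands(shellLine) {
  return shellLine.split(/&&|\|\||;|\|/).map((c) => c.trim()).filter(Boolean);
}

// True for `npm install` / `npm i` with flags only (no package names, not global):
// an install resolved from package.json that may rewrite package-lock.json.
function isBareNpmInstall(command) {
  const words = command.split(/\s+/);
  if (words[0] !== "npm" || !["install", "i"].includes(words[1])) return false;
  const args = words.slice(2);
  if (args.includes("-g") || args.includes("--global")) return false;
  return args.every((a) => a.startsWith("-"));
}

// Return { line, command } for every bare npm install found in the workflow text.
function findBareNpmInstall(workflowText) {
  const findings = [];
  workflowText.split("\n").forEach((raw, idx) => {
    // Drop the list marker and `run:` key so inline and block-scalar steps look alike.
    const line = raw.replace(/^\s*(-\s+)?(run:\s*)?/, "").replace(/\s+#.*$/, "");
    for (const command of splitCommands(line)) {
      if (isBareNpmInstall(command)) findings.push({ line: idx + 1, command });
    }
  });
  return findings;
}

console.log(findBareNpmInstall(SAMPLE_PUBLISH_YML));
```

The check works on lines of text rather than parsed YAML, so it should be treated as a lint-style heuristic over `run:` steps.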