Prepare packages for public npm release

[BunsDev]

Summary

• Add publishConfig.access=public to all publishable packages so scoped packages can be published publicly to npm.
• Authenticate the release workflow to npm using NPM_TOKEN before running the Changesets publish step.
• Keep the release flow aligned with public package distribution for core, create-markdown, mdx, preview, and react.

Testing

• Not run
• Verified the release workflow change wires NPM_TOKEN into ~/.npmrc before the publish step.
• Verified each updated package.json now includes publishConfig.access set to public.

---

Note

Low Risk
Low risk release-configuration changes: updates npm publish metadata and CI authentication without touching runtime code paths.

Overview
Prepares packages for public npm publishing by adding publishConfig.access="public" across the publishable packages.

Updates the GitHub Release workflow to explicitly authenticate to npm (writes NPM_TOKEN into ~/.npmrc) before running the Changesets publish step.

^{Reviewed by Cursor Bugbot for commit fc2529a. Bugbot is set up for automated code reviews on this repo. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
create-markdown	Ready	Preview	Apr 5, 2026 1:25pm
create-markdown-docs	Ready	Preview	Apr 5, 2026 1:25pm

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Auth token written to wrong npmrc file location
  • The workflow now writes the npm auth token to $NPM_CONFIG_USERCONFIG, matching the config path that setup-node exports for publish commands.

Or push these changes by commenting:

@cursor push fbad10b032

Preview (fbad10b032)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -42,7 +42,7 @@
 
       - name: Authenticate to npm
         run: |
-          echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
+          echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > "$NPM_CONFIG_USERCONFIG"
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

_{You can send follow-ups to the cloud agent here.}

^{Reviewed by Cursor Bugbot for commit fc2529a. Configure here.}

[cursor]

Auth token written to wrong npmrc file location

High Severity

The setup-node action's registry-url option sets NPM_CONFIG_USERCONFIG to $RUNNER_TEMP/.npmrc. This causes the ~/.npmrc file created by the "Authenticate to npm" step to be ignored. Since $RUNNER_TEMP/.npmrc expects an undefined NODE_AUTH_TOKEN, package publishing fails due to missing authentication.

 

^{Reviewed by Cursor Bugbot for commit fc2529a. Configure here.}