From f599b1e64720e84fe916730344e91e4c9c43d85a Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Fri, 22 May 2026 10:52:24 +0000
Subject: [PATCH] fix(ci): route npm upgrade through corepack to dodge broken
 toolcache npm

Node 22.22.2's GitHub Actions toolcache ships a broken npm 10.9.7 whose
arborist fails to load (missing promise-retry), so the release job's
`npm install -g npm@latest` self-upgrade aborts with MODULE_NOT_FOUND.
Run the global install via a healthy npm fetched by corepack, which gets
npm 11.x onto PATH for OIDC trusted publishing.

https://claude.ai/code/session_01QnqHcaFmaudSvse6GSEY5Q
---
 .github/workflows/release.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2113dd8..877d024 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,8 +26,12 @@ jobs:
         with:
           node-version: 22
 
+      # Node 22.22.2's toolcache ships a broken npm 10.9.7 whose arborist can't
+      # load (missing promise-retry), so a `npm install -g npm@latest` self-upgrade
+      # aborts with MODULE_NOT_FOUND. Route the global install through a healthy
+      # npm fetched by corepack instead. See nodejs/node#62425, npm/cli#9151.
       - name: Ensure npm 11.5.1+ for OIDC trusted publishing
-        run: npm install -g npm@latest
+        run: corepack npm@latest install -g npm@latest
 
       - uses: pnpm/action-setup@v4