From 56a1c0907c104905f33357a68aceadcae6a8e50b Mon Sep 17 00:00:00 2001
From: Itai Hanski <itaihanski@gmail.com>
Date: Tue, 21 May 2024 16:29:00 +0300
Subject: [PATCH] Use yarn to build the project instead of npm (#19)

---
 .github/workflows/publish.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 4c37ebb..8ed98ba 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -25,12 +25,10 @@ jobs:
       # Skip post-install scripts here, as a malicious
       # script could steal NODE_AUTH_TOKEN.
       - name: Install dependencies
-        run: npm ci --ignore-scripts
+        run: yarn install --frozen-lockfile
         env:
           CI: true
           NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
-      # `npm rebuild` will run all those post-install scripts for us.
-      - run: npm rebuild && npm run prepare --if-present
 
       - name: Publish to NPM Package Registry
         run: npm publish --access=public