ci: fix npm token secret name

[thedavidmeister]

The npm-publish step referenced secrets.NPM_TOKEN but the actual configured secret is NPM_PUBLISH_PRIVATE_TOKEN. Without this, the workflow failed at the NPM publish step with 404, and crates.io publish never ran because it's gated after.

[coderabbitai]

Warning

Review limit reached

@thedavidmeister, we couldn't start this review because you've used your available PR reviews for now.

Your plan currently allows 1 review/hour. Refill in 37 minutes and 56 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 12dc2f8c-a90c-48b3-9af9-2fb8385cce4e

📥 Commits

Reviewing files that changed from the base of the PR and between ff96f34 and a8d6fb0.

📒 Files selected for processing (1)

• .github/workflows/package-release.yaml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 2026-05-23-npm-publish-token

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[thedavidmeister]

Superseded by #221 which includes the NPM_TOKEN -> NPM_PUBLISH_PRIVATE_TOKEN rename plus rainix bump and publish reorder.