While preparing a package for font ranges, I've been copying the values from the URL bar which had https://github.com/levischuck/tiny-packages/ and this stumbled me for a while when setting up NPM's OIDC trusted publisher settings.
Instead of copying from my other packages, I had manually typed levischuckfor the Organization or user field. This was a mistake.
In your GitHub action, you may see text like...
publish-packages.log
npm http fetch GET https://run-actions-3-azure-eastus.actions.githubusercontent.com/136//idtoken/***/***?api-version=2.0&audience=npm%3Aregistry.npmjs.org 200 58ms npm http fetch POST 404 https://registry.npmjs.org/-/npm/v1/oidc/token/exchange/package/... 761ms npm verbose oidc Failed token exchange request with body message: OIDC token exchange error - package not found npm verbose stack Error: This command requires you to be logged in to https://registry.npmjs.org/ npm verbose stack at .... npm error code ENEEDAUTH npm error need auth This command requires you to be logged in to https://registry.npmjs.org/ npm error need auth You need to authorize this machine using `npm adduser`
This indicates that the GITHUB_TOKEN is not authorized to publish to this NPM repository.
The fix is to set NPM's trusted publisher correctly with the correct casing, which in my case was LeviSchuck.