Any update on when NPM OICD connect will be available for Bitbucket?

[tkumark]

Select Topic Area

Question

Body

Any update on when NPM OICD connect will be available for Bitbucket?

[Beneyam-y0s]

No, as of now the npm CLI “trusted publishing with OIDC” feature doesn’t officially list Bitbucket Pipelines as a supported CI provider.

[drex04]

We have this same issue, using Bitbucket Cloud to publish to NPM. Pretty irritating that manual token rotation is our only option.

[cipher20000]

As of now Bitbucket does support OIDC for Pipelines (you can configure Bitbucket as an OIDC provider for cloud providers). npm has announced “Trusted publishing” (OIDC-based CI publishing) in its docs — but there’s no single “npm OIDC Connect for Bitbucket” one-click doc yet. In practice you have two options:

Use Bitbucket OIDC to authenticate to cloud providers (AWS/GCP/etc.) — docs: Bitbucket Pipelines OIDC.
Atlassian Support

For npm publishes you can still use the existing Bitbucket “Deploy to npm” workflow (currently uses CI tokens/secrets) or follow npm’s Trusted Publishing docs to see how to wire OIDC from your CI — npm’s Trusted Publishing doc.
Atlassian Support
+1

If you need immediate CI→npm publishing, keep using a short-lived npm token stored in Bitbucket secured variables (rotate it), or trigger publishes from a CI provider that already has direct npm OIDC examples. If you want, I can draft a Bitbucket Pipelines snippet that uses either (a) a secure npm token, or (b) an OIDC-based flow pattern (if you want to experiment with exchanging Bitbucket OIDC tokens).