The 0.1.1 release's publish-npm job failed; PyPI shipped 0.1.1 but npm didn't โ registries split. One-line root cause.
npm error command git ls-remote ssh://git@github.com/tarball/orchestkit-hook-contract-0.1.1.tgz.git npm error git@github.com: Permission denied (publickey).
The step ran npm publish "$TGZ" with $TGZ = tarball/orchestkit-hook-contract-0.1.1.tgz โ a bare relative path. npm's spec parser saw owner/repo shape and treated it as a GitHub git dependency, not a file โ tried to clone it over SSH โ denied. The smoke-install step worked because it used the absolute $GITHUB_WORKSPACE/$TGZ.
- npm publish "$TGZ" --provenance --access public + npm publish "$GITHUB_WORKSPACE/$TGZ" --provenance --access public
Absolute (or ./-prefixed) path forces npm to treat it as a file, not a github:owner/repo spec.
Try prefixing ./ or $GITHUB_WORKSPACE/.