From c05af1ae327caaf983ab9f6845969435f0398289 Mon Sep 17 00:00:00 2001
From: Ben Miner <bminer@scope3.com>
Date: Thu, 21 May 2026 10:24:43 -0500
Subject: [PATCH 1/3] feat: rename package to @scope3/observability-js, target
 public npm

---
 package.json | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index 67c5972..ac272b2 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "@scope3data/observability-js",
+  "name": "@scope3/observability-js",
   "version": "2.1.0",
   "description": "Unified observability (Sentry, OpenTelemetry, Pyroscope) for Node.js services",
   "keywords": [
@@ -73,7 +73,6 @@
     "node": ">= 20"
   },
   "publishConfig": {
-    "@scope3data:registry": "https://npm.pkg.github.com",
-    "registry": "https://npm.pkg.github.com"
+    "access": "public"
   }
 }

From 1d9db91632e62e02dfec582655b1e69db20016bb Mon Sep 17 00:00:00 2001
From: Ben Miner <bminer@scope3.com>
Date: Thu, 21 May 2026 10:24:51 -0500
Subject: [PATCH 2/3] ci: publish to npm via OIDC, drop GitHub Packages

---
 .github/workflows/release.yml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 817f748..1d5b5a3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,6 @@ jobs:
     permissions:
       contents: write
       id-token: write
-      packages: write
 
     steps:
       - name: Checkout
@@ -163,23 +162,21 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 24.x
-          registry-url: https://npm.pkg.github.com
+          registry-url: https://registry.npmjs.org
 
       - name: Build package
         if: steps.should_release.outputs.needed == 'true'
         run: npm run build
 
-      - name: Publish to GitHub Packages
+      - name: Publish to npm
         if: steps.should_release.outputs.needed == 'true'
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           NPM_TAG="latest"
           if [ "${{ steps.prerelease.outputs.value }}" = "true" ]; then
             NPM_TAG="next"
           fi
 
-          npm publish --ignore-scripts --tag "$NPM_TAG"
+          npm publish --provenance --ignore-scripts --tag "$NPM_TAG"
 
       - name: Summary
         if: steps.should_release.outputs.needed == 'true'
@@ -187,7 +184,7 @@ jobs:
           echo "## Release Summary" >> $GITHUB_STEP_SUMMARY
           echo "- **Version**: ${{ steps.pkg_version.outputs.tag }}" >> $GITHUB_STEP_SUMMARY
           echo "- **Prerelease**: ${{ steps.prerelease.outputs.value }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **GitHub Packages tag**: ${{ steps.prerelease.outputs.value == 'true' && 'next' || 'latest' }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **npm tag**: ${{ steps.prerelease.outputs.value == 'true' && 'next' || 'latest' }}" >> $GITHUB_STEP_SUMMARY
 
       - name: No release needed
         if: steps.should_release.outputs.needed != 'true'

From 244a96e00e20bdb584efe00b3fa8faed1249131d Mon Sep 17 00:00:00 2001
From: Ben Miner <bminer@scope3.com>
Date: Thu, 21 May 2026 10:29:39 -0500
Subject: [PATCH 3/3] docs: update README for public npm, drop GitHub Packages
 install instructions

---
 README.md | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index c3bbbc7..f9d9d39 100644
--- a/README.md
+++ b/README.md
@@ -1,20 +1,11 @@
-# @scope3data/observability-js
+# @scope3/observability-js
 
 Unified observability for Node.js services. A single `init()` call wires up [Sentry](https://sentry.io) (error monitoring, tracing, and profiling), [Pyroscope](https://pyroscope.io) (continuous CPU and heap profiling), and optionally the [OpenTelemetry](https://opentelemetry.io) SDK with OTLP trace export.
 
 ## Installation
 
-This package is published to [GitHub Packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-npm-registry). Ensure your project has a `.npmrc` with the `@scope3data` scope configured:
-
-```
-@scope3data:registry=https://npm.pkg.github.com
-//npm.pkg.github.com/:_authToken=${PACKAGES_ACCESS_TOKEN}
-```
-
-Then install:
-
 ```sh
-npm install @scope3data/observability-js
+npm install @scope3/observability-js
 ```
 
 Requires Node.js >= 24.
@@ -29,7 +20,7 @@ Without this, `instrument.js` (which calls `init()`) and `server.js` (which uses
 
 ```js
 const EXTERNAL_PACKAGES = [
-  '@scope3data/observability-js',
+  '@scope3/observability-js',
   // ...
 ]
 ```
@@ -41,7 +32,7 @@ This is not required when running with a dev server (e.g. `tsx`) since Node's mo
 Call `init()` once at process startup, before anything else runs:
 
 ```ts
-import { init } from '@scope3data/observability-js'
+import { init } from '@scope3/observability-js'
 
 init({
   serviceName: 'my-service',
@@ -260,7 +251,7 @@ All span helpers are safe to call without `init()` having been called first. Whe
 In your library, pass your library name as the `tracerName` argument to any span helper. Do not call `init()` — that is the responsibility of the consuming application.
 
 ```ts
-import { startSpan, setSpanAttributes } from '@scope3data/observability-js'
+import { startSpan, setSpanAttributes } from '@scope3/observability-js'
 
 async function executeToolCall(toolName: string, agentId: string, params: unknown) {
   return startSpan(