fix: remove npm check step and specify npm version for OIDC trusted publishing #218
🔍 No files have been changed. Latest commit: cd73ba3. Please check your commit. powered by: naverpay size-action
LGTM — simple and correct fix pinning npm to a specific version instead of latest for reproducible OIDC publishing.
Extended reasoning...
Overview
Single change to : replaces a verbose 'check and upgrade npm' step (which installed ) with a minimal step pinning . Referenced npm/cli#9151 confirms this is a known OIDC trusted publishing compatibility issue.
Security Risks
No security concerns. Pinning to a specific npm version is strictly safer than @latest as it improves reproducibility and avoids supply chain surprises from unexpected version bumps.
Level of Scrutiny
Low scrutiny warranted. This is a CI workflow config tweak — no application logic, no secrets handling changes, and no new permissions added.
Other Factors
No bugs found, no prior reviews, small diff (one file, ~10 lines changed). The change is clearly intentional and well-motivated.
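The two workflow shapes the review above contrasts, as an added example rather than the repository's own workflow file: a floating "check and upgrade npm" step beside an exact pin, in a job that uses OIDC trusted publishing instead of a stored token. The job name, the Node version, the pinned npm version (11.5.1 is my assumption for a CLI release that supports trusted publishing) and the shape of the removed check step are assumptions, not taken from the PR diff.

```yaml
# Added example, not the project's workflow. Names, versions and the
# shape of the old check step are assumptions.
name: publish
on:
  push:
    tags: ['v*']

permissions:
  contents: read
  id-token: write   # lets the job mint the OIDC token that npm exchanges for publish rights

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org

      # Before (the pattern the PR removes): a "check and upgrade" step that
      # floats to whatever npm@latest is on the day the job runs. A future
      # npm release can change OIDC behaviour and break publishing with no
      # change to this repository, and every run may use a different CLI.
      # - name: Check and upgrade npm
      #   run: |
      #     if [ "$(npm -v)" != "$(npm view npm version)" ]; then
      #       npm install -g npm@latest
      #     fi

      # After: pin the exact npm CLI so every run uses a version known to
      # handle trusted publishing. Bump the pin deliberately, in a reviewed PR.
      - name: Pin npm
        run: npm install -g npm@11.5.1   # assumed version

      # Fail fast if the pin did not take effect (e.g. a cached global install).
      - name: Verify npm version
        run: test "$(npm -v)" = "11.5.1"

      # No NPM_TOKEN secret: npm uses the job's OIDC identity to authenticate.
      - name: Publish
        run: npm publish
```

The verify step is the check a reviewer would want alongside the pin: it turns a silent mismatch between the requested and the actually installed npm into a visible job failure before anything is published.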
…ublishing
Related Issue
Describe your changes
Request