wevm · tmm · May 27, 2026 · May 27, 2026 · May 27, 2026
diff --git a/.github/workflows/changesets.yml b/.github/workflows/changesets.yml
@@ -3,27 +3,32 @@ on:
   push:
     branches: [main]
 
+permissions: {} # each job should declare only the permissions it needs
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  cancel-in-progress: false
 
 jobs:
   verify:
     name: Verify
+    permissions:
+      contents: write # commit formatting updates in the reusable workflow
     uses: ./.github/workflows/verify.yml
     secrets: inherit
 
   changesets:
-    name: Publish
+    name: Changesets
     needs: verify
     # prevents this action from running on forks
     if: github.repository == 'wevm/abitype'
     permissions:
-      contents: write # to create release (changesets/action)
-      id-token: write # OpenID Connect token needed for provenance
-      pull-requests: write # to create pull request (changesets/action)
+      contents: write # commit version/changelog updates to the release pull request
+      pull-requests: write # create or update the Changesets release pull request
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    outputs:
+      hasChangesets: ${{ steps.changesets.outputs.hasChangesets }}
 
     steps:
       - name: Clone repository
@@ -33,48 +38,78 @@ jobs:
           fetch-depth: 0
 
       - name: Install dependencies
-        uses: wevm/actions/.github/actions/pnpm@f7ad7f00e16e73322562922c241f21f0c7ffbbec
+        uses: wevm/actions/.github/actions/pnpm@f95dc1dadcba18fe3f02b8205e653e98e4a93516
         with:
           node-version: 24.5
+          skip-cache: true # avoid cache poisoning attacks
 
-      - name: PR or publish
+      - name: Create version pull request
+        id: changesets
         uses: changesets/action@c48e67d110a68bc90ccf1098e9646092baacaa87 # v1.6.0
         with:
           title: 'chore: version packages'
           commit: 'chore: version packages'
-          createGithubReleases: ${{ github.ref == 'refs/heads/main' }}
-          publish: pnpm changeset:publish
           version: pnpm changeset:version
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Publish prerelease
-        run: |
-          git reset --hard origin/main
-          pnpm clean
-          pnpm changeset:prepublish
-          pnpx pkg-pr-new publish --pnpm --compact './packages/abitype'
+  release:
+    name: Release
+    needs: [verify, changesets]
+    # prevents this action from running on forks
+    if: github.repository == 'wevm/abitype' && needs.changesets.outputs.hasChangesets == 'false'
+    permissions:
+      contents: write # create GitHub releases and tags after npm publish
+      id-token: write # authenticate to npm via trusted publishing
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      published: ${{ steps.publish.outputs.published }}
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Install dependencies
+        uses: wevm/actions/.github/actions/pnpm@f95dc1dadcba18fe3f02b8205e653e98e4a93516
+        with:
+          node-version: 24.5
+          skip-cache: true # avoid cache poisoning attacks
+
+      - name: Publish to npm
+        id: publish
+        uses: changesets/action@c48e67d110a68bc90ccf1098e9646092baacaa87 # v1.6.0
+        with:
+          createGithubReleases: true
+          publish: pnpm changeset:publish
         env:
-          PKG_PR_NEW: true 
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-  jsr:
-    name: JSR
-    needs: verify
+  prerelease:
+    name: Prerelease
+    needs: [verify, changesets]
+    # prevents this action from running on forks
+    if: github.repository == 'wevm/abitype' && needs.changesets.outputs.hasChangesets == 'true'
+    permissions:
+      contents: read # checkout repository contents
+      id-token: write # authenticate to npm via trusted publishing
     runs-on: ubuntu-latest
     timeout-minutes: 5
-    permissions:
-      contents: read
-      id-token: write
 
     steps:
       - name: Clone repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Install dependencies
-        uses: wevm/actions/.github/actions/pnpm@f7ad7f00e16e73322562922c241f21f0c7ffbbec
-
-      - name: Prepare
-        run: pnpm node scripts/genJsrJson.ts && pnpm version:update && cd packages/abitype && cp ../../LICENSE LICENSE
+        uses: wevm/actions/.github/actions/pnpm@f95dc1dadcba18fe3f02b8205e653e98e4a93516
+        with:
+          node-version: 24.5
+          skip-cache: true # avoid cache poisoning attacks
 
-      - name: Publish to JSR
-        run: cd packages/abitype && pnpx jsr publish --allow-slow-types --allow-dirty
+      - name: Publish prerelease
+        run: |
+          pnpm clean
+          pnpm changeset:prepublish
+          pnpx pkg-pr-new publish --pnpm --compact './packages/abitype'
+        env:
+          PKG_PR_NEW: true
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
@@ -50,7 +50,7 @@ jobs:
     timeout-minutes: 5
     strategy:
       matrix:
-        version: ['5.0.4', '5.2.2', '5.3.3', '5.4.5', '5.5.4', '5.6.3', '5.7.3', '5.8.3', '5.9.3', 'latest']
+        version: ['5.0.4', '5.2.2', '5.3.3', '5.4.5', '5.5.4', '5.6.3', '5.7.3', '5.8.3', '5.9.3', '6.0.3', 'latest']
 
     steps:
       - name: Clone repository
@@ -93,4 +93,3 @@ jobs:
         uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-
diff --git a/.gitignore b/.gitignore
@@ -11,7 +11,6 @@ coverage
 dist
 node_modules
 packages/abitype/abis
-packages/abitype/jsr.json
 packages/abitype/zod
 playgrounds/performance/out
 tsconfig*.tsbuildinfo
diff --git a/packages/abitype/package.json b/packages/abitype/package.json
@@ -19,7 +19,6 @@
     "/zod",
     "src/**/*.ts",
     "!dist/**/*.tsbuildinfo",
-    "!jsr.json",
     "!src/**/*.bench.ts",
     "!src/**/*.bench-d.ts",
     "!src/**/*.test.ts",

diff --git a/scripts/genJsrJson.ts b/scripts/genJsrJson.ts
diff --git a/scripts/updateVersion.ts b/scripts/updateVersion.ts
@@ -54,27 +54,6 @@ for await (const packagePath of packagePaths) {
     'utf-8',
   )
 
-  try {
-    const jsrFilePath = path.resolve(path.dirname(packagePath), 'jsr.json')
-    const jsrJson = JSON.parse(
-      await fs.readFile(jsrFilePath, 'utf-8'),
-    ) as Package
-    jsrJson.version = version
-    await fs.writeFile(
-      jsrFilePath,
-      `${JSON.stringify(jsrJson, null, 2)}\n`,
-      'utf-8',
-    )
-  } catch (error) {
-    if (
-      error &&
-      typeof error === 'object' &&
-      'code' in error &&
-      error.code !== 'ENOENT'
-    )
-      throw error
-  }
-
   if (process.env.PKG_PR_NEW) {
     packageJson.version = version
     await fs.writeFile(