Are we Trusted Publishing yet?

January 19, 2023

Automated publishing of packages to pub.dev

pub.dev adds support for automated publishing which supports publishing from the following sources: GitHub Actions, Google Cloud Build, anywhere else using a GCP service account.

Source:

• Dart Blog: Screenshots and automated publishing for pub.dev
• Dart Docs: Automated publishing of packages to pub.dev

April 20, 2023

PyPI introduces Trusted Publishing

PyPI coins the term 'Trusted Publishing' with support for packages published through GitHub Actions.

Source:

• PyPI Blog: Introducing 'Trusted Publishers'
• PyPI Docs: Publishing with a Trusted Publisher

December 14, 2023

RubyGems adds support for Trusted Publishing

RubyGems adds support for Trusted Publishing for packages published through GitHub Actions.

Source:

• RubyGems Blog: Announcing Trusted Publishing on RubyGems.org
• RubyGems Guides: Trusted Publishing

March 1, 2024

JSR (the JavaScript Registry) adds support for Trusted Publishing

JSR adds support for Trusted Publishing for packages published through GitHub Actions.

Source:

• Deno Blog: JSR Open Beta - Publishing from GitHub
• JSR Docs: Publishing from GitHub Actions

April 17, 2024

PyPI expands Trusted Publisher Support

PyPI adds support for publishing packages through three additional providers: GitLab CI/CD, Google Cloud, and ActiveState.

Source:

• PyPI Blog: Expanding Trusted Publisher Support

July 11, 2025

crates.io adds support for Trusted Publishing

crates.io adds support for Trusted Publishing for packages published through GitHub Actions.

Source:

• Rust Blog: crates.io: development update
• Rust Package Registry Docs: Trusted Publishing

July 31, 2025

npm adds support for Trusted Publishing

npm adds support for Trusted Publishing for packages published through GitHub Actions and GitLab CI/CD.

Source:

• GitHub Blog: npm trusted publishing with oidc is generally available
• npm Docs: Trusted publishing for npm packages

September 9, 2025

Private Packagist adds support for Trusted Publishing

Private Packagist adds support for Trusted Publishing for packages published through GitHub Actions.

Source:

• Private Packagist docs: Trusted Publishing for artifact packages

September 17, 2025

NuGet adds support for Trusted Publishing

nuget.org adds support for Trusted Publishing for packages published through GitHub Actions and GitLab CI/CD.

Source:

• Microsoft Learn: Trusted Publishing on nuget.org

November 10, 2025

PyPI expands Trusted Publisher Support to GitLab Self-Managed and enables Pending Trusted Publishers for Organizations

Support for GitLab Self-Managed instances is now in beta, and it is now possible to pending Trusted Publisher at the Organization level which was previously only possible at the user level.

Source:

• PyPI Blog: Trusted Publishing is popular, now for GitLab Self-Managed and Organizations

November 19, 2025

crates.io adds support for Trusted Publishing with GitLab CI/CD

crates.io now supports GitLab CI/CD in addition to GitHub Actions.

Source:

• Rust Blog: crates.io: Trusted Publishing