Contributor

Copilot AI commented Dec 4, 2025

Package was missing critical files for NPM publication and had security vulnerabilities blocking release.

Changes

Critical fixes:

  • Added MIT LICENSE file (referenced in package.json but missing)
  • Fixed 2 security vulnerabilities via dependency updates:
    • @modelcontextprotocol/sdk → v1.24.0+ (DNS rebinding)
    • body-parser (DoS vulnerability)

Publishing documentation:

  • docs/NPM_PUBLISHING.md - Consolidated guide covering publishing steps, automation options, and maintenance (5.5KB)
    • Quick publish steps (TL;DR)
    • Prerequisites and setup
    • Pre-publish checklist
    • Version management
    • Manual vs automated publishing (with GitHub Actions workflow example)
    • Post-publish steps
    • Common beginner mistakes
    • Troubleshooting

README updates:

  • Added "For Package Maintainers" section linking to publishing guide

Package Status

Ready for publication:

  • ✅ 0 vulnerabilities (was 2)
  • ✅ LICENSE included in distribution
  • ✅ Tests pass (11/11)
  • ✅ Build succeeds
  • ✅ Package name available (previously unpublished 2025-06-21)
  • ✅ 96.7 KB packed, 438.2 KB unpacked

Automated Publishing

Documented GitHub Actions workflow for NPM automation with security considerations. Manual publishing recommended - automation adds complexity and security risks for minimal benefit unless publishing very frequently.

Next Steps

npm login
npm publish --otp=123456
git tag -a v1.1.1 -m "Release v1.1.1"
git push origin v1.1.1

See docs/NPM_PUBLISHING.md for complete guide.

Original prompt

This section details the original issue you should resolve

<issue_title>Publish to NPM create steps</issue_title>
<issue_description>Review if this project is ready to be published to NPM or not.

  • Create steps to do so
  • List things to review to make sure it's visible and practical.
  • List things a noob would miss that need to be done over time
  • others?</issue_description>

<agent_instructions>Go tiger ! ;)</agent_instructions>

Comments on the Issue (you are @copilot in this section)



Copilot AI and others added 3 commits December 4, 2025 15:08
Co-authored-by: chrisribe <1999791+chrisribe@users.noreply.github.com>
Co-authored-by: chrisribe <1999791+chrisribe@users.noreply.github.com>
Co-authored-by: chrisribe <1999791+chrisribe@users.noreply.github.com>
Copilot AI changed the title [WIP] Review project readiness for NPM publishing Prepare package for NPM publication Dec 4, 2025
Copilot AI requested a review from chrisribe December 4, 2025 15:20
@chrisribe
Owner

@copilot review docs

  1. there seems to be some repetition or a bit of doc volume, keep it KISS while keeping it useful.
  2. extra: see if automatic deployment of npm on a schedule is something that is recommended or not (else manual intervention is really the only option?)

Co-authored-by: chrisribe <1999791+chrisribe@users.noreply.github.com>
Contributor Author

Copilot AI commented Dec 4, 2025

@copilot review docs

  1. there seems to be some repetition or a bit of doc volume, keep it KISS while keeping it useful.
  2. extra: see if automatic deployment of npm on a schedule is something that i...

1) Documentation simplified:

  • Consolidated 5 files (57KB) → 1 file (5.5KB) - 90% reduction
  • Removed repetition, kept KISS principle
  • Single guide covers all essentials

2) Automated NPM publishing:

  • Added GitHub Actions workflow example
  • Documented setup with NPM tokens
  • Recommendation: Manual publishing preferred - automation adds security risks and complexity for minimal benefit unless publishing very frequently
  • Most packages use manual publishing (better control, security with 2FA)

Commit: 29ce6c3
