When having private modules until they get public the whole publish setup has to be done with a granular token, because trusted publishing is not possible with private packages. Although it may not be necessary it's makes it really hard to use. Also pnpm doesn't automatically pull in the latest npm makeing it not work except for node 24.