chore: use public repository metadata

[jiapengwang-code]

Summary

• replace the SSH repository URL with a public HTTPS URL
• let npm tooling and consumers resolve the source without GitHub SSH credentials

This is a metadata-only change with no runtime code, dependency, or lockfile changes.

Validation

• core Tap suite: 78 assertions passed with 100% statement, branch, function, and line coverage
• full Tap run reached 108 passing assertions; Windows-specific memory/spawn and occasional file-roll ordering checks do not complete reliably in this environment
• pnpm pack --dry-run --json
• direct package metadata assertion
• git diff --check

The full ESLint command is also affected by Git for Windows checking unmodified files out with CRLF while the repository enforces LF. No source files or line endings are changed in this PR.

[esatterwhite]

This isn't strictly a meta data npm issue, our release tooling uses this to interact with the repository from our ci

What problem was this creating ? What tools are using this to find the source code, that don't already have the source code?

[esatterwhite]

@logdnabot build this pr

[jiapengwang-code]

Thanks for clarifying. The intent was to make the repository accessible to npm consumers and tooling without SSH credentials. I understand the repository field is also used by your CI release tooling, so changing it may be inappropriate here.

Given the Jenkins failure, I am happy to withdraw the PR unless you would prefer to separate the release remote from the published package metadata.

[jiapengwang-code]

Thanks for clarifying. The intent was to make the repository accessible to npm consumers and tooling without SSH credentials. I understand the repository field is also used by your CI release tooling, so changing it may be inappropriate here.

Given the Jenkins failure, I am happy to withdraw the PR unless you would prefer to separate the release remote from the published package metadata.