{"id":31392829,"url":"https://github.com/formidablelabs/publishr","last_synced_at":"2025-09-29T04:47:30.867Z","repository":{"id":65374922,"uuid":"61579894","full_name":"FormidableLabs/publishr","owner":"FormidableLabs","description":"A tool for harmonious publishing of git and npm packages.","archived":false,"fork":false,"pushed_at":"2019-12-30T21:21:56.000Z","size":74,"stargazers_count":11,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-27T15:43:41.870Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FormidableLabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-06-20T20:58:48.000Z","updated_at":"2022-07-28T08:06:39.000Z","dependencies_parsed_at":"2023-01-20T04:48:18.888Z","dependency_job_id":null,"html_url":"https://github.com/FormidableLabs/publishr","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/FormidableLabs/publishr","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FormidableLabs%2Fpublishr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FormidableLabs%2Fpublishr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FormidableLabs%2Fpublishr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FormidableLabs%2Fpublishr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FormidableLabs","download_url":"https://codeload.github.com/FormidableLabs/publishr/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FormidableLabs%2Fpublishr/sbom","scorecard":{"id":51763,"data":{"date":"2025-08-11","repo":{"name":"github.com/FormidableLabs/publishr","commit":"a2fd56d2f893ee9ad7f7e36211a229446e225a23"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 2/25 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: MIT License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 13 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-14T23:52:33.012Z","repository_id":65374922,"created_at":"2025-08-14T23:52:33.013Z","updated_at":"2025-08-14T23:52:33.013Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277467479,"owners_count":25822917,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-29T02:00:09.175Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-09-29T04:47:28.807Z","updated_at":"2025-09-29T04:47:30.861Z","avatar_url":"https://github.com/FormidableLabs.png","language":"JavaScript","readme":"[![Travis Status][trav_img]][trav_site]\n[![Coverage Status][cov_img]][cov_site]\n[![NPM Package][npm_img]][npm_site]\n[![Maintenance Status][maintenance-image]](#maintenance-status)\n\n\n# Publishr\n\nA tool for harmonious publishing of git and npm packages.\n\nPublishr allows you to consistently publish different files in git and npm using an **npm version workflow**,\nwhich enables efficient installation from both types of repository.\n\n## Motivation\n\nIt can be troublesome to enable package installation from both npm and git repositories,\nespecially when a project includes build steps. One inefficient publishing solution entails\nsaving both source and compiled files to git and npm. Another less than ideal solution requires\ninstalling heavy build dependencies in production. Depending on the size of your \nrepository, these solutions can be a burden for both development and production. \nIdeally, the git repository only contains source code and the npm repository contains\ncompiled code. Furthermore, the npm repository should not contain any large build dependencies.\nPublishr solves these problems by tapping into [npm's version/publish lifecycle scripts][npm_scripts_docs].\n\n## Installation\n\n```sh\n$ npm install publishr\n```\n\n## Setup\n\n1. Save all build dependencies to `package.json` as `dependencies`.\n2. Save placeholder (ex. `.someconfig.publishr`) files that should be replaced in the npm repo.\n3. Add a `publishr` config to `package.json`.\n4. Use `publishr.dependencies` to describe which build dependencies to replace in the npm repo.\n5. Use `publishr.files` to describe files to replace/create in the npm repo.\n6. Use `publishr.scripts` to describe scripts to add/replace/remove in the npm repo.\n7. Add `publishr postversion` to [npm's postversion script][npm_scripts_docs].\n8. Add `publishr postpublish` to [npm's postpublish script][npm_scripts_docs].\n\n## Configuration\n\n1. `publishr.dependencies` - Describes build dependencies to replace in the npm repo.\n  * Takes an array of **regular expression strings**\n    * `[\"^babel$\"]` matches only `babel` \n    * `[\"^babel\"]` matches `babel`, `babel-core`\n    * `[\"babel\"]` matches `babel`, `babel-core`, `is-babel`\n2. `publishr.files` - Describes files to replace/create in the npm repo.\n  * Takes an object of oldFile keys to newFile values\n    * `{\".npmignore\": \".npmignore.publishr\"}` replaces/creates `.npmignore` with `.npmignore.publishr`\n3. `publishr.scripts` - Describes files to add/replace/remove in the npm repo.\n  * Takes an object of script name keys to command values.\n    * `{\"hello\": \"echo hello\"}` adds/replaces the test script `hello` with the command `echo hello`\n    * `{\"postinstall\": \"\"}` removes the `postinstall` script.\n\n## Publishing\n\n1. Run `publishr dry-run` to test your configuration.\n2. If the dry run fails, fix all errors and go back to `1`.\n3. Run your [version][npm_version_docs] command.\n4. Run your [publish][npm_publish_docs] command.\n\n## Example\n\nAn example `package.json` file will look something like this:\n\n```json\n  {\n    \"name\": \"some-neat-project\",\n    \"version\": \"0.0.1\",\n    \"dependencies\": {\n      \"lodash\": \"^4.0.0\",\n      \"babel-core\": \"^6.0.0\"\n    },\n    \"devDependencies\": {\n      \"eslint\": \"^1.0.0\"\n    },\n    \"scripts\": {\n      \"build\": \"gulp build\",\n      \"postinstall\": \"npm run build\",\n      \"postpublish\": \"publishr postpublish\",\n      \"postversion\": \"publishr postversion\"\n    },\n    \"publishr\": {\n      \"dependencies\": [\"^babel\"],\n      \"files\": {\n        \".npmignore\": \".npmignore.publishr\",\n        \".someconfig\": \".someconfig.publishr\"\n      },\n      \"scripts\": {\n        \"build\": \"echo 'No Build Needed'\",\n        \"extra\": \"echo 'Extra Script'\",\n        \"postinstall\": \"\"\n      }\n    }\n  }\n```\n\nThe above configuration tells publishr to do a few things:\n\n1. Move all `dependencies` matching the regular expression `^babel` to `devDependencies` before publishing to npm.\n2. Replace `.npmignore` with the contents of `.npmignore.publishr` before publishing to npm.\n3. Replace `.someconfig` with the contents of `.someconfig.publishr` before publishing to npm.\n4. Replace the `build` script with `echo 'No Build Needed'` before publishing to npm.\n5. Add the `extra` script before publishing to npm.\n6. Remove the `postinstall` script before publishing to npm.\n\nThe version command will look something like this:\n\n```shell\n$ npm version patch\n```\n\nResult:\n\n```\nv0.0.2\n\n\u003e some-neat-project@0.0.2 postversion /some/path\n\u003e publishr postversion\n```\n\nThe publish command will look something like this:\n\n```shell\n$ npm publish\n```\n\nResult:\n\n```\n+ some-neat-project@0.0.2\n\n\u003e some-neat-project@0.0.2 postpublish /some/path\n\u003e publishr postpublish\n\n```\n\nWhen all is said and done, the git and npm repo will have different versions of `package.json`, `.npmignore`, and `.someconfig`. Your npm package will install as quickly as possible and you still support installing from a git repo.\n\n## Usage \n\n```\nUsage: publishr \u003ccommand\u003e [options]\n\nCommands:\n  dry-run      Perform a dry run of postversion and postpublish\n  postpublish  Clean up any actions taken by postversion\n  postversion  Create and overwrite files for publishing\n\nOptions:\n  -h, --help     Show help                                             [boolean]\n  -V, --verbose  Log each step during postversion/postpublish          [boolean]\n  -v, --version  Show version number                                   [boolean]\n```\n\n## Maintenance Status\n\n **Stable:** Formidable is not planning to develop any new features for this project. We are still responding to bug reports and security concerns. We are still welcoming PRs for this project, but PRs that include new features should be small and easy to integrate and should not include breaking changes.\n\n[maintenance-image]: https://img.shields.io/badge/maintenance-stable-blue.svg\n[trav_img]: https://img.shields.io/travis/FormidableLabs/publishr.svg\n[trav_site]: https://travis-ci.com/FormidableLabs/publishr\n[cov_img]: https://img.shields.io/coveralls/FormidableLabs/publishr.svg\n[cov_site]: https://coveralls.io/r/FormidableLabs/publishr\n[npm_img]: https://img.shields.io/npm/v/publishr.svg\n[npm_site]: https://www.npmjs.org/package/publishr\n[npm_publish_docs]: https://docs.npmjs.com/cli/publish\n[npm_version_docs]: https://docs.npmjs.com/cli/version\n[npm_scripts_docs]: https://docs.npmjs.com/misc/scripts\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fformidablelabs%2Fpublishr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fformidablelabs%2Fpublishr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fformidablelabs%2Fpublishr/lists"}