{"id":13525345,"url":"https://github.com/semantic-release/npm","last_synced_at":"2025-05-14T06:14:36.484Z","repository":{"id":38709000,"uuid":"109657262","full_name":"semantic-release/npm","owner":"semantic-release","description":":ship: semantic-release plugin to publish a npm package","archived":false,"fork":false,"pushed_at":"2025-05-12T07:36:22.000Z","size":3554,"stargazers_count":262,"open_issues_count":58,"forks_count":121,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-05-12T08:54:11.634Z","etag":null,"topics":["npm","publish","registry","release","semantic-release","version"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/semantic-release.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-11-06T06:40:02.000Z","updated_at":"2025-05-12T02:48:57.000Z","dependencies_parsed_at":"2022-07-10T22:16:09.973Z","dependency_job_id":"bba23535-0733-4f72-8f40-b6f3ce1d0b24","html_url":"https://github.com/semantic-release/npm","commit_stats":{"total_commits":719,"total_committers":32,"mean_commits":22.46875,"dds":0.3908205841446454,"last_synced_commit":"6335059b4a232e339e6c00a768c183f199b53d98"},"previous_names":[],"tags_count":131,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/semantic-release%2Fnpm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/semantic-release%2Fnpm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/semantic-release%2Fnpm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/semantic-release%2Fnpm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/semantic-release","download_url":"https://codeload.github.com/semantic-release/npm/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254083939,"owners_count":22011905,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["npm","publish","registry","release","semantic-release","version"],"created_at":"2024-08-01T06:01:17.880Z","updated_at":"2025-05-14T06:14:36.431Z","avatar_url":"https://github.com/semantic-release.png","language":"JavaScript","funding_links":[],"categories":["JavaScript","npm"],"sub_categories":[],"readme":"# @semantic-release/npm\n\n[**semantic-release**](https://github.com/semantic-release/semantic-release) plugin to publish a [npm](https://www.npmjs.com) package.\n\n[![Build Status](https://github.com/semantic-release/npm/workflows/Test/badge.svg)](https://github.com/semantic-release/npm/actions?query=workflow%3ATest+branch%3Amaster) [![npm latest version](https://img.shields.io/npm/v/@semantic-release/npm/latest.svg)](https://www.npmjs.com/package/@semantic-release/npm)\n[![npm next version](https://img.shields.io/npm/v/@semantic-release/npm/next.svg)](https://www.npmjs.com/package/@semantic-release/npm)\n[![npm beta version](https://img.shields.io/npm/v/@semantic-release/npm/beta.svg)](https://www.npmjs.com/package/@semantic-release/npm)\n\n| Step | Description |\n| ------------------ | -------------------------------------------------------------------------------------------------------------------------------- |\n| `verifyConditions` | Verify the presence of the `NPM_TOKEN` environment variable, or an `.npmrc` file, and verify the authentication method is valid. |\n| `prepare` | Update the `package.json` version and [create](https://docs.npmjs.com/cli/pack) the npm package tarball. |\n| `addChannel` | [Add a release to a dist-tag](https://docs.npmjs.com/cli/dist-tag). |\n| `publish` | [Publish the npm package](https://docs.npmjs.com/cli/publish) to the registry. |\n\n## Install\n\n\u003e [!TIP]\n\u003e You do not need to directly depend on this package if you are using `semantic-release`.\n\u003e `semantic-release` already depends on this package, and defining your own direct dependency can result in conflicts when you update `semantic-release`.\n\n```bash\n$ npm install @semantic-release/npm -D\n```\n\n## Usage\n\nThe plugin can be configured in the [**semantic-release** configuration file](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#configuration):\n\n```json\n{\n \"plugins\": [\"@semantic-release/commit-analyzer\", \"@semantic-release/release-notes-generator\", \"@semantic-release/npm\"]\n}\n```\n\n## Configuration\n\n### npm registry authentication\n\nThe npm [token](https://docs.npmjs.com/about-access-tokens) authentication configuration is **required** and can be set via [environment variables](#environment-variables).\n\nAutomation tokens are recommended since they can be used for an automated workflow, even when your account is configured to use the [`auth-and-writes` level of 2FA](https://docs.npmjs.com/about-two-factor-authentication#authorization-and-writes).\n\n### npm provenance\n\nIf you are publishing to the official registry and your pipeline is on a [provider that is supported by npm for provenance](https://docs.npmjs.com/generating-provenance-statements#provenance-limitations), npm can be configured to [publish with provenance](https://docs.npmjs.com/generating-provenance-statements).\n\nSince semantic-release wraps the npm publish command, configuring provenance is not exposed directly.\nInstead, provenance can be configured through the [other configuration options exposed by npm](https://docs.npmjs.com/generating-provenance-statements#using-third-party-package-publishing-tools).\nProvenance applies specifically to publishing, so our recommendation is to configure under `publishConfig` within the `package.json`.\n\n#### npm provenance on GitHub Actions\n\nFor package provenance to be signed on the GitHub Actions CI the following permission is required\nto be enabled on the job:\n\n```yaml\npermissions:\n id-token: write # to enable use of OIDC for npm provenance\n```\n\nIt's worth noting that if you are using semantic-release to its fullest with a GitHub release, GitHub comments,\nand other features, then [more permissions are required](https://github.com/semantic-release/github#github-authentication) to be enabled on this job:\n\n```yaml\npermissions:\n contents: write # to be able to publish a GitHub release\n issues: write # to be able to comment on released issues\n pull-requests: write # to be able to comment on released pull requests\n id-token: write # to enable use of OIDC for npm provenance\n```\n\nRefer to the [GitHub Actions recipe for npm package provenance](https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations/github-actions#.github-workflows-release.yml-configuration-for-node-projects) for the full CI job's YAML code example.\n\n### Environment variables\n\n| Variable | Description |\n| ----------- | ----------------------------------------------------------------------------------------------------------------------------- |\n| `NPM_TOKEN` | Npm token created via [npm token create](https://docs.npmjs.com/getting-started/working_with_tokens#how-to-create-new-tokens) |\n\n### Options\n\n| Options | Description | Default |\n| ------------ | ------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------- |\n| `npmPublish` | Whether to publish the `npm` package to the registry. If `false` the `package.json` version will still be updated. | `false` if the `package.json` [private](https://docs.npmjs.com/files/package.json#private) property is `true`, `true` otherwise. |\n| `pkgRoot` | Directory path to publish. | `.` |\n| `tarballDir` | Directory path in which to write the package tarball. If `false` the tarball is not be kept on the file system. | `false` |\n\n**Note**: The `pkgRoot` directory must contain a `package.json`. The version will be updated only in the `package.json` and `npm-shrinkwrap.json` within the `pkgRoot` directory.\n\n**Note**: If you use a [shareable configuration](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/shareable-configurations.md#shareable-configurations) that defines one of these options you can set it to `false` in your [**semantic-release** configuration](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#configuration) in order to use the default value.\n\n### npm configuration\n\nThe plugin uses the [`npm` CLI](https://github.com/npm/cli) which will read the configuration from [`.npmrc`](https://docs.npmjs.com/files/npmrc). See [`npm config`](https://docs.npmjs.com/misc/config) for the option list.\n\nThe [`registry`](https://docs.npmjs.com/misc/registry) can be configured via the npm environment variable `NPM_CONFIG_REGISTRY` and will take precedence over the configuration in `.npmrc`.\n\nThe [`registry`](https://docs.npmjs.com/misc/registry) and [`dist-tag`](https://docs.npmjs.com/cli/dist-tag) can be configured under `publishConfig` in the `package.json`:\n\n```json\n{\n \"publishConfig\": {\n \"registry\": \"https://registry.npmjs.org/\",\n \"tag\": \"latest\"\n }\n}\n```\n\n**Notes**:\n\n- The presence of an `.npmrc` file will override any specified environment variables.\n- The presence of `registry` or `dist-tag` under `publishConfig` in the `package.json` will take precedence over the configuration in `.npmrc` and `NPM_CONFIG_REGISTRY`\n\n### Examples\n\nThe `npmPublish` and `tarballDir` option can be used to skip the publishing to the `npm` registry and instead, release the package tarball with another plugin. For example with the [@semantic-release/github](https://github.com/semantic-release/github) plugin:\n\n```json\n{\n \"plugins\": [\n \"@semantic-release/commit-analyzer\",\n \"@semantic-release/release-notes-generator\",\n [\n \"@semantic-release/npm\",\n {\n \"npmPublish\": false,\n \"tarballDir\": \"dist\"\n }\n ],\n [\n \"@semantic-release/github\",\n {\n \"assets\": \"dist/*.tgz\"\n }\n ]\n ]\n}\n```\n\nWhen publishing from a sub-directory with the `pkgRoot` option, the `package.json` and `npm-shrinkwrap.json` updated with the new version can be moved to another directory with a `postversion`. For example with the [@semantic-release/git](https://github.com/semantic-release/git) plugin:\n\n```json\n{\n \"plugins\": [\n \"@semantic-release/commit-analyzer\",\n \"@semantic-release/release-notes-generator\",\n [\n \"@semantic-release/npm\",\n {\n \"pkgRoot\": \"dist\"\n }\n ],\n [\n \"@semantic-release/git\",\n {\n \"assets\": [\"package.json\", \"npm-shrinkwrap.json\"]\n }\n ]\n ]\n}\n```\n\n```json\n{\n \"scripts\": {\n \"postversion\": \"cp -r package.json .. \u0026\u0026 cp -r npm-shrinkwrap.json ..\"\n }\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsemantic-release%2Fnpm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsemantic-release%2Fnpm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsemantic-release%2Fnpm/lists"}