Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@colbyfayock/semantic-release-pnpm

Package Overview
Dependencies
Maintainers
1
Versions
11
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@colbyfayock/semantic-release-pnpm

pnpm semantic-release plugin to publish a npm package

  • 1.0.2
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
462
decreased by-22.09%
Maintainers
1
Weekly downloads
 
Created
Source

semantic-release-pnpm

semantic-release plugin to publish a npm package with pnpm.

StepDescription
verifyConditionsVerify the presence of the NPM_TOKEN environment variable, or an .npmrc file, and verify the authentication method is valid.
prepareUpdate the package.json version and create the npm package tarball.
addChannelAdd a release to a dist-tag.
publishPublish the npm package to the registry.

Install

$ npm install semantic-release-pnpm -D

Usage

The plugin can be configured in the semantic-release configuration file:

{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    "semantic-release-pnpm",
  ]
}

Configuration

Npm registry authentication

The npm authentication configuration is required and can be set via environment variables.

Both the token and the legacy (username, password and email) authentication are supported. It is recommended to use the token authentication. The legacy authentication is supported as the alternative npm registries Artifactory and npm-registry-couchapp only supports that form of authentication.

Notes:

  • Only the auth-only level of npm two-factor authentication is supported, semantic-release will not work with the default auth-and-writes level.
  • The presence of an .npmrc file will override any specified environment variables.

Environment variables

VariableDescription
NPM_TOKENNpm token created via npm token create
NPM_USERNAMENpm username created via npm adduser or on npmjs.com
NPM_PASSWORDPassword of the npm user.
NPM_EMAILEmail address associated with the npm user
NPM_CONFIG_USERCONFIGPath to non-default .npmrc file

Use either NPM_TOKEN for token authentication or NPM_USERNAME, NPM_PASSWORD and NPM_EMAIL for legacy authentication

Options

OptionsDescriptionDefault
npmPublishWhether to publish the npm package to the registry. If false the package.json version will still be updated.false if the package.json private property is true, true otherwise.
pkgRootDirectory path to publish..
tarballDirDirectory path in which to write the package tarball. If false the tarball is not be kept on the file system.false

Note: The pkgRoot directory must contain a package.json. The version will be updated only in the package.json and npm-shrinkwrap.json within the pkgRoot directory.

Note: If you use a shareable configuration that defines one of these options you can set it to false in your semantic-release configuration in order to use the default value.

Npm configuration

The plugin uses the pnpm CLI which will read the configuration from .npmrc. See npm config for the option list.

The registry can be configured via the npm environment variable NPM_CONFIG_REGISTRY and will take precedence over the configuration in .npmrc.

The registry and dist-tag can be configured in the package.json and will take precedence over the configuration in .npmrc and NPM_CONFIG_REGISTRY:

{
  "publishConfig": {
    "registry": "https://registry.npmjs.org/",
    "tag": "latest"
  }
}

Examples

The npmPublish and tarballDir option can be used to skip the publishing to the npm registry and instead, release the package tarball with another plugin. For example with the @semantic-release/github plugin:

{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    ["semantic-release-pnpm", {
      "npmPublish": false,
      "tarballDir": "dist",
    }],
    ["@semantic-release/github", {
      "assets": "dist/*.tgz"
    }]
  ]
}

When publishing from a sub-directory with the pkgRoot option, the package.json and npm-shrinkwrap.json updated with the new version can be moved to another directory with a postversion. For example with the @semantic-release/git plugin:

{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    ["semantic-release-pnpm", {
      "pkgRoot": "dist",
    }],
    ["@semantic-release/git", {
      "assets": ["package.json", "npm-shrinkwrap.json"]
    }]
  ]
}
{
  "scripts": {
    "postversion": "cp -r package.json .. && cp -r npm-shrinkwrap.json .."
  }
}

Keywords

FAQs

Package last updated on 02 Feb 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc