@getyourguide/npm-publish
CLI tool to handle publishing modules: it detects the version increment from the commit message, generates the tags and pushes to GitHub.
It increments the version in package.json, creating a tag and pushing to your repo; publishing happens only from the configured publish branch [default: master]. Use any of the wildcards as part of your commit message, for example "[minor] ...", "[major] ..." or "[beta] ...", and the library will generate a version for you. If it doesn't detect any wildcard, it will do a patch release.
npm install --save-dev @getyourguide/npm-publish

Then add the script to your package.json:

{
  "scripts": {
    "npm-publish": "npm-publish"
  }
}
Drone:

publish-package:
  image: node:12-buster
  commands:
    - npm run npm-publish -- -b ${DRONE_BRANCH} -m "$${DRONE_COMMIT_MESSAGE}"
GitHub Actions:

- name: Publish library
  run: npm run npm-publish -- -b "${{ github.ref }}" -m "${{ github.event.head_commit.message }}"
Run with --help to get a full list of params:

npm-publish --help

Options:
  --help
  --branch, -b           branch name                                  [required]
  --message, -m          commit message                               [required]
  --publish-branches     branches where it should publish             [array] [default: "master"]
  --wildcard-minor       wildcard to identify a minor commit          [default: "[minor]"]
  --wildcard-major       wildcard to identify a major commit          [default: "[major]"]
  --wildcard-beta        wildcard to identify a beta commit           [default: "[beta]"]
  --wildcard-no-publish  wildcard to identify a nopublish commit      [default: "[beta]"]
  --git-email            git email to create the commit.              [default: "local git config"]
  --git-name             git name to create the commit.               [default: "local git config"]
  --commit-message       commit message. Use %s to specify the version
                                                                      [default: "[npm-publish] %p@%v [ci skip]"]
You can also specify the params in your package.json. Add a section npm-publish:

{
  "npm-publish": {
    "publishBranches": ["master", "develop"],
    "wildcardMinor": "[custom-minor]",
    "wildcardMajor": "[custom-major]",
    "gitEmail": "it@mycompany.com",
    "gitName": "IT - MyCompany",
    "...": "..."
  }
}
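Because the commit message (often a merge or PR title anyone with write access can shape) decides which version gets published, the wildcard-to-release decision is worth keeping as a small pure function that can be reviewed and unit-tested. The following is an added example, not code from @getyourguide/npm-publish: it re-implements the branch and commit-message logic described above with the README's default wildcards. The no-publish wildcard value ("[no-publish]") and the beta numbering scheme (a "-beta.N" suffix) are assumptions, since the README does not define them.

```javascript
// Added example, not code from @getyourguide/npm-publish: re-implements the
// branch + commit-message release decision the README describes.
// Wildcard defaults follow the --help output; the no-publish wildcard value
// and the "-beta.N" numbering are assumptions (the README does not define them).
const DEFAULTS = {
  publishBranches: ["master"],
  wildcardMinor: "[minor]",
  wildcardMajor: "[major]",
  wildcardBeta: "[beta]",
  wildcardNoPublish: "[no-publish]", // assumed value
};

// Map a commit message to an increment type. Most impactful wildcard wins so a
// message carrying several wildcards still resolves deterministically.
function detectIncrement(message, opts = DEFAULTS) {
  if (message.includes(opts.wildcardNoPublish)) return "none";
  if (message.includes(opts.wildcardMajor)) return "major";
  if (message.includes(opts.wildcardMinor)) return "minor";
  if (message.includes(opts.wildcardBeta)) return "beta";
  return "patch"; // README: no wildcard detected -> patch
}

// Compute the next version string. Beta (assumed scheme): bump the patch and
// start at -beta.0, or advance the counter if already on a beta.
function nextVersion(current, increment) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-beta\.(\d+))?$/.exec(current);
  if (!m) throw new Error(`unsupported version string: ${current}`);
  const [major, minor, patch] = m.slice(1, 4).map(Number);
  const beta = m[4] === undefined ? null : Number(m[4]);
  switch (increment) {
    case "major": return `${major + 1}.0.0`;
    case "minor": return `${major}.${minor + 1}.0`;
    case "patch": return `${major}.${minor}.${patch + 1}`;
    case "beta":
      return beta === null
        ? `${major}.${minor}.${patch + 1}-beta.0`
        : `${major}.${minor}.${patch}-beta.${beta + 1}`;
    default: return current; // "none": leave the version untouched
  }
}

// Publish only from a configured branch and only when the message asks for a release.
function plan({ branch, message, currentVersion }, opts = DEFAULTS) {
  const increment = detectIncrement(message, opts);
  const publish = opts.publishBranches.includes(branch) && increment !== "none";
  const version = publish ? nextVersion(currentVersion, increment) : currentVersion;
  return { increment, publish, version };
}
```

Feeding plan() the same branch and message values the CI snippets above pass via -b and -m lets you assert in a test what a given merge would publish before the real tool runs.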
FAQs
Module to publish npm modules
The npm package @getyourguide/npm-publish receives a total of 0 weekly downloads. As such, @getyourguide/npm-publish popularity was classified as not popular.
We found that @getyourguide/npm-publish demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.