Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@wroud/ci

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@wroud/ci

A small CLI for automating releases based on conventional commits. It bumps versions, updates your changelog and publishes GitHub releases.

latest
Source
npmnpm
Version
0.1.1
Version published
Maintainers
1
Created
Source

@wroud/ci

ESM-only package NPM version

A small CLI for automating releases based on conventional commits. It bumps versions, updates your changelog and publishes GitHub releases.

Note: This tool works with Yarn, npm and pnpm.

Installation

Install via npm:

npm install --save-dev @wroud/ci

Install via yarn:

yarn add --dev @wroud/ci

Install via pnpm:

pnpm add -D @wroud/ci

Documentation

For detailed usage and API reference, visit the documentation site.

Configuration

@wroud/ci looks for an optional wroud.ci.config.js file located next to the package.json it relates to. A minimal configuration may look like:

export default {
  repository: "owner/repo", // used for changelog links
  tagPrefix: "v",           // prefix for git tags
  packageManager: "npm",    // npm | yarn | pnpm
};
  • repository is required when publishing GitHub releases. It can also be provided via the repository.url field in package.json.
  • tagPrefix sets the prefix for git tags. It can alternatively be defined in release.tagPrefix inside package.json.
  • packageManager is only needed if the package manager cannot be detected automatically. You can specify it here or via the packageManager field in package.json.

Commands

release [path]

Bump version and update changelog.

  • --prefix tag prefix (defaults to configured prefix)
  • --change-log-file path to changelog file
  • --dry-run preview actions without writing files

git-tag

Create git tag for current version.

  • --prefix tag prefix (defaults to configured prefix)
  • --dry-run preview actions

release-github

Publish GitHub releases for new tags.

  • --prefix tag prefix (defaults to configured prefix)
  • --dry-run preview actions

Single Package Repository

  • Install @wroud/ci as a dev dependency.
  • Add scripts to package.json:
{
  "scripts": {
    "ci:release": "ci release",
    "ci:git-tag": "ci git-tag",
    "ci:release-github": "ci release-github" // optional
  }
}

  • Configure the repository URL and tag prefix in package.json or in a local wroud.ci.config.js file next to it.

  • Example GitHub Action (.github/workflows/release.yml):

name: Release
on:
  push:
    tags:
      - 'v*'
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - run: corepack enable
      - uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
          registry-url: 'https://registry.npmjs.org'
          cache: 'yarn'
      - run: yarn install --immutable
      - run: yarn build
      - run: yarn ci:release
      - run: yarn ci:git-tag
      - run: git push --follow-tags
      - run: yarn ci:release-github
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Multiple Package Workspace

  • Install @wroud/ci in each package that should be released.
  • Add scripts to each package's package.json as shown above.
  • Configure a unique tagPrefix for every package using either release.tagPrefix in its package.json or an adjacent wroud.ci.config.js file. Ensure repository.url is set if GitHub releases are required.
  • Example GitHub Action for a monorepo:
name: Release
on:
  push:
    tags:
      - '*'
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - run: corepack enable
      - uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
          registry-url: 'https://registry.npmjs.org'
          cache: 'yarn'
      - run: yarn install --immutable
      - run: yarn workspaces foreach -A --topological --no-private run ci:release
      - run: git commit -m "chore: release" && yarn workspaces foreach -A --no-private run ci:git-tag
      - run: git push --follow-tags
      - run: yarn workspaces foreach -A --no-private run ci:release-github
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: yarn workspaces foreach -A --topological --no-private npm publish --access public --tolerate-republish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Changelog

All notable changes to this project will be documented in the CHANGELOG file.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Keywords

ci
github
release
git
cli
conventional-commits

FAQs

Package last updated on 22 Sep 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious Chrome Extension Steals MEXC API Keys for Account Takeover

Research

/

Security News

Malicious Chrome Extension Steals MEXC API Keys for Account Takeover

A malicious Chrome extension steals newly created MEXC API keys, exfiltrates them to Telegram, and enables full account takeover with trading and withdrawal rights.

By Kirill Boychenko  -  Jan 12, 2026