New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

github-release-cli

Package Overview
Dependencies
Maintainers
1
Versions
16
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github-release-cli

A command-line tool for managing release assets on a GitHub repository

npmnpm
Version
1.3.0
Version published
Maintainers
1
Created
Source

github-release-cli build status

NPM

A command-line tool for managing release assets on a GitHub repository.

Installation

npm install -g github-release-cli

Command Line Usage

Run github-release with -h or --help options:

Usage: github-release <command> [<args>]

Options:
  -V, --version             output the version number
  --baseurl <baseurl>       API endpoint (default: "https://api.github.com")
  -T, --token <token>       OAuth2 token (default: null)
  -o, --owner <owner>       The repository owner. (default: "")
  -r, --repo <repo>         The repository name. (default: "")
  -t, --tag <tag>           The name of the tag.
  --release-id <id>         The release id.
  -c, --commitish <value>   Specifies the commitish value for tag. Unused if the tag already exists.
  -n, --name <name>         The name of the release. (default: "")
  -b, --body <body>         Text describing the contents of the tag.
  -d, --draft [value]       `true` makes the release a draft, and `false` publishes the release.
  -p, --prerelease [value]  `true` to identify the release as a prerelease, `false` to identify the release as a full release.
  -h, --help                output usage information

Commands

List

github-release list
  --owner cheton \
  --repo github-release-cli

Upload

github-release upload \
  --owner cheton \
  --repo github-release-cli \
  --tag "v0.1.0" \
  --name "v0.1.0" \
  --body "This release contains bug fixes and imporvements, including:\n..." \
  archive.zip index.html app.min.css app.min.js

Specify the commitish value for tag

github-release upload \
    --owner cheton \
    --repo github-release-cli \
    --commitish 6a8e375 \
    --tag "v0.1.0" \
    --name "v0.1.0" \
    --body "The commitish value for tag"

Create a prerelease

github-release upload \
  --owner cheton \
  --repo github-release-cli \
  --tag "v0.1.0" \
  --name "v0.1.0" \
  --body "This is a prerelease" \
  --prerelease

Change a prerelease to a published release

github-release upload \
  --owner cheton \
  --repo github-release-cli \
  --tag "v0.1.0" \
  --name "v0.1.0" \
  --body "This is a published release" \
  --prerelease=false

Delete

Delete release assets

You can use glob expressions to match files:

github-release delete \
  --owner cheton \
  --repo github-release-cli \
  --tag "v0.1.0" \
  archive.zip index.html "app.*"

Delete a release by specifying the tag name

github-release delete \
  --owner cheton \
  --repo github-release-cli \
  --tag "v0.1.0"

Delete a release by specifying the release id

github-release delete \
  --owner cheton \
  --repo github-release-cli \
  --release-id 17994985

Examples

https://github.com/cncjs/cncjs-pendant-tinyweb/blob/master/.travis.yml

Secure Setup

1. Get an OAuth token from GitHub

First you will need to get an OAuth Token from GitHub using your own username and "note":

curl \
  -u 'username' \
  -d '{"scopes":["repo"], "note":"Publish to GitHub Releases"}' \
  https://api.github.com/authorizations

For users with two-factor authentication enabled, you must send the user's authentication code (i.e., one-time password) in the X-GitHub-OTP header:

curl \
  -u 'username' \
  -H 'X-GitHub-OTP: 000000' \
  -d '{"scopes":["repo"], "note":"Publish to GitHub Releases"}' \
  https://api.github.com/authorizations

2. Storing the OAuth token in an environment variable

For reducing security risks, you can store your OAuth token in an environment variable.

Export the token using the one you got from above:

export GITHUB_TOKEN=your_token

3. Set up a CI build

Now you're ready to upload assets to a GitHub repository from a CI server. For example:

COMMIT_LOG=`git log -1 --format='%ci %H %s'`
github-release upload \
  --owner=cheton \
  --repo=github-release-cli \
  --tag="latest" \
  --name="${TRAVIS_BRANCH}" \
  --body="${COMMIT_LOG}" \
  "releases/myapp-0.1.0-win-x32.exe" \
  "releases/myapp-0.1.0-win-x64.exe"

If you're using Travis CI, you may want to encrypt environment variables:

travis encrypt GITHUB_TOKEN=your_token

Learn how to define encrypted variables in .travis.yml:
https://docs.travis-ci.com/user/environment-variables/#Defining-encrypted-variables-in-.travis.yml

License

MIT

Keywords

github
release
cli

FAQs

Package last updated on 14 Jun 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026