libnpmpublish
Advanced tools
The libnpmpublish package is a library for programmatically publishing npm packages. It provides a set of functions to handle the publishing process, including authentication, package validation, and publishing to the npm registry.
Authentication
This feature allows you to authenticate with the npm registry using your credentials. The code sample demonstrates how to use the `getAuth` function from the `libnpm` package to obtain authentication details.
const libnpmpublish = require('libnpmpublish');
const { getAuth } = require('libnpm');
async function authenticate() {
const auth = await getAuth({
scope: '@my-scope',
registry: 'https://registry.npmjs.org/'
});
return auth;
}
authenticate().then(auth => console.log(auth));Package Validation
This feature allows you to validate your package before publishing it. The code sample demonstrates how to read a `package.json` file and validate its contents using the `validate` function from `libnpmpublish`.
const libnpmpublish = require('libnpmpublish');
const fs = require('fs');
async function validatePackage() {
const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
const validation = await libnpmpublish.validate(pkg);
console.log(validation);
}
validatePackage();Publishing
This feature allows you to publish your npm package to the registry. The code sample demonstrates how to read a `package.json` file and a tarball file, and then publish the package using the `publish` function from `libnpmpublish`.
const libnpmpublish = require('libnpmpublish');
const fs = require('fs');
async function publishPackage() {
const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
const tarballData = fs.readFileSync('package.tgz');
const auth = { token: 'your-npm-token' };
await libnpmpublish.publish(pkg, tarballData, auth);
console.log('Package published successfully');
}
publishPackage();The npm-registry-client package provides a client for interacting with the npm registry. It offers similar functionalities such as authentication, package validation, and publishing. However, it is more low-level compared to libnpmpublish and requires more manual handling of the publishing process.
The np package is a command-line tool for publishing npm packages. It automates the entire publishing process, including version bumping, git tagging, and publishing to the npm registry. Unlike libnpmpublish, which is a library for programmatic use, np is designed for use from the command line.
The publish-please package is a tool that helps ensure best practices when publishing npm packages. It provides pre-publish checks and hooks to validate the package before publishing. While it offers some similar functionalities to libnpmpublish, it is more focused on enforcing best practices and is used as a pre-publish tool rather than a publishing library.
libnpmpublish is a Node.js library for
programmatically publishing and unpublishing npm packages. It does not take care
of packing tarballs from source code, but once you have a tarball, it can take
care of putting it up on a nice registry for you.
const search = require('libnpmpublish')
$ npm install libnpmsearch
opts for libnpmpublish commandslibnpmpublish uses npm-registry-fetch.
Most options are passed through directly to that library, so please refer to
its own opts
documentation
for options that can be passed in.
A couple of options of note for those in a hurry:
opts.token - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.opts.Promise - If you pass this in, the Promises returned by libnpmpublish commands will use this Promise class instead. For example: {Promise: require('bluebird')}> libpub.publish(pkgJson, tarData, [opts]) -> PromisePublishes tarData to the appropriate configured registry. pkgJson should be
the parsed package.json for the package that is being published.
tarData can be a Buffer, a base64-encoded string, or a binary stream of data.
Note that publishing itself can't be streamed, so the entire stream will be
consumed into RAM before publishing (and are thus limited in how big they can
be).
Since libnpmpublish does not generate tarballs itself, one way to build your
own tarball for publishing is to do npm pack in the directory you wish to
pack. You can then fs.createReadStream('my-proj-1.0.0.tgz') and pass that to
libnpmpublish, along with require('./package.json').
publish() does its best to emulate legacy publish logic in the standard npm
client, and so should generally be compatible with any registry the npm CLI has
been able to publish to in the past.
const pkg = require('./dist/package.json')
const tarball = fs.createReadStream('./dist/pkg-1.0.1.tgz')
await libpub.publish(pkg, tarball, { token: 'my-auth-token-here' })
// Package has been published to the npm registry.
> libpub.unpublish(spec, [opts]) -> PromiseUnpublishes spec from the appropriate registry. The registry in question may
have its own limitations on unpublishing.
spec should be either a string, or a valid
npm-package-arg parsed spec object. For
legacy compatibility reasons, only tag and version specs will work as
expected. range specs will fail silently in most cases.
await libpub.unpublish('lodash', { token: 'i-am-the-worst'})
//
// `lodash` has now been unpublished, along with all its versions, and the world
// devolves into utter chaos.
//
// That, or we all go home to our friends and/or family and have a nice time
// doing nothing having to do with programming or JavaScript and realize our
// lives are just so much happier now, and we just can't understand why we ever
// got so into this JavaScript thing but damn did it pay well. I guess you'll
// settle for gardening or something.
FAQs
Programmatic API for the bits behind npm publish and unpublish
The npm package libnpmpublish receives a total of 1,460,966 weekly downloads. As such, libnpmpublish popularity was classified as popular.
We found that libnpmpublish demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.
Security News
Research
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials from unsuspecting developers.