libnpmpublish

What is libnpmpublish?

The libnpmpublish package is a library for programmatically publishing npm packages. It provides a set of functions to handle the publishing process, including authentication, package validation, and publishing to the npm registry.

What are libnpmpublish's main functionalities?

Authentication

This feature allows you to authenticate with the npm registry using your credentials. The code sample demonstrates how to use the `getAuth` function from the `libnpm` package to obtain authentication details.

const libnpmpublish = require('libnpmpublish');
const { getAuth } = require('libnpm');

async function authenticate() {
  const auth = await getAuth({
    scope: '@my-scope',
    registry: 'https://registry.npmjs.org/'
  });
  return auth;
}
authenticate().then(auth => console.log(auth));

Package Validation

This feature allows you to validate your package before publishing it. The code sample demonstrates how to read a `package.json` file and validate its contents using the `validate` function from `libnpmpublish`.

const libnpmpublish = require('libnpmpublish');
const fs = require('fs');

async function validatePackage() {
  const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
  const validation = await libnpmpublish.validate(pkg);
  console.log(validation);
}
validatePackage();

Publishing

This feature allows you to publish your npm package to the registry. The code sample demonstrates how to read a `package.json` file and a tarball file, and then publish the package using the `publish` function from `libnpmpublish`.

const libnpmpublish = require('libnpmpublish');
const fs = require('fs');

async function publishPackage() {
  const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
  const tarballData = fs.readFileSync('package.tgz');
  const auth = { token: 'your-npm-token' };
  await libnpmpublish.publish(pkg, tarballData, auth);
  console.log('Package published successfully');
}
publishPackage();

Other packages similar to libnpmpublish

npm-registry-client

The npm-registry-client package provides a client for interacting with the npm registry. It offers similar functionalities such as authentication, package validation, and publishing. However, it is more low-level compared to libnpmpublish and requires more manual handling of the publishing process.

np

The np package is a command-line tool for publishing npm packages. It automates the entire publishing process, including version bumping, git tagging, and publishing to the npm registry. Unlike libnpmpublish, which is a library for programmatic use, np is designed for use from the command line.

publish-please

The publish-please package is a tool that helps ensure best practices when publishing npm packages. It provides pre-publish checks and hooks to validate the package before publishing. While it offers some similar functionalities to libnpmpublish, it is more focused on enforcing best practices and is used as a pre-publish tool rather than a publishing library.

README

libnpmpublish

libnpmpublish is a Node.js library for programmatically publishing and unpublishing npm packages. It takes care of packing tarballs from source code and putting it up on a nice registry for you.

Table of Contents

• Example
• Install
• API
  • publish/unpublish opts
  • publish()
  • unpublish()

Example

const { publish, unpublish } = require('libnpmpublish')

Install

$ npm install libnpmpublish

API

opts for libnpmpublish commands

libnpmpublish uses npm-registry-fetch. Most options are passed through directly to that library, so please refer to its own opts documentation for options that can be passed in.

A couple of options of note for those in a hurry:

• opts.defaultTag - registers the published package with the given tag, defaults to latest.

• opts.access - tells the registry whether this package should be published as public or restricted. Only applies to scoped packages, which default to restricted.

• opts.token - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.

> libpub.publish(path, pkgJson, [opts]) -> Promise

Packs a tarball located in path and publishes to the appropriate configured registry. pkgJson should be the parsed package.json for the package that is being published.

If opts.npmVersion is passed in, it will be used as the _npmVersion field in the outgoing packument. It's recommended you add your own user agent string in there!

If opts.algorithms is passed in, it should be an array of hashing algorithms to generate integrity hashes for. The default is ['sha512'], which means you end up with dist.integrity = 'sha512-deadbeefbadc0ffee'. Any algorithm supported by your current node version is allowed -- npm clients that do not support those algorithms will simply ignore the unsupported hashes.

Example

const path = '/a/path/to/your/source/code'
await libpub.publish(path, {
  npmVersion: 'my-pub-script@1.0.2',
  token: 'my-auth-token-here'
}, opts)
// Package has been published to the npm registry.

> libpub.unpublish(spec, [opts]) -> Promise

Unpublishes spec from the appropriate registry. The registry in question may have its own limitations on unpublishing.

spec should be either a string, or a valid npm-package-arg parsed spec object. For legacy compatibility reasons, only tag and version specs will work as expected. range specs will fail silently in most cases.

Example

await libpub.unpublish('lodash', { token: 'i-am-the-worst'})
//
// `lodash` has now been unpublished, along with all its versions, and the world
// devolves into utter chaos.
//
// That, or we all go home to our friends and/or family and have a nice time
// doing nothing having to do with programming or JavaScript and realize our
// lives are just so much happier now, and we just can't understand why we ever
// got so into this JavaScript thing but damn did it pay well. I guess you'll
// settle for gardening or something.