publish-safe

Migration & verification tool for secure npm publishing

Source: npm | Latest version: 0.1.2 | Versions published: 2 | Maintainers: 1
publish-safe

CLI tool to help npm maintainers audit and migrate to trusted publishing safely.


Installation

No install step is required; npx fetches and runs the CLI directly:

npx publish-safe

Commands

audit - Check current publish configuration

npx publish-safe audit

fix - Generate patches to migrate to trusted publishing

npx publish-safe fix

Creates 2 files in .publish-safe/:

  • publish-workflow.yml - New GitHub Actions workflow
  • migration-checklist.md - Migration checklist

verify - Verify setup is correct

npx publish-safe verify

doctor - Explain security concepts

npx publish-safe doctor

init-ci - Create GitHub Actions workflow for continuous auditing

npx publish-safe init-ci

Creates .github/workflows/publish-safe-audit.yml for automated security checks.

JSON Output

All commands support JSON output:

npx publish-safe audit --json
npx publish-safe verify --json
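The page lists what `audit` and `verify` do but not which checks they run or what their `--json` output contains. The script below is an added example, not publish-safe's own code: it implements the kind of checks a publish-configuration audit covers when migrating from long-lived tokens to trusted publishing (a token in `.npmrc`, a workflow that publishes with `secrets.NPM_TOKEN`, a workflow missing `id-token: write`, provenance not enabled, no `repository.url` for provenance to be checked against) and returns a JSON-serialisable result. The check ids, the sample `package.json`, `.npmrc` and workflow snippets, and the package name `example-pkg` are all constructed for illustration.

```javascript
// Added example: a minimal audit of an npm package's publish setup, in the
// spirit of `publish-safe audit --json`. This is NOT publish-safe's own code;
// its checks and JSON schema are not documented on this page. The sample
// inputs below are constructed, not taken from any real repository.

// Each check inspects the parsed package.json, the raw .npmrc and the raw
// workflow YAML, and returns a finding message or null when the check passes.
const checks = [
  {
    id: 'npmrc-auth-token',
    run: ({ npmrc }) =>
      /_authToken\s*=/.test(npmrc)
        ? 'A long-lived npm token is stored in .npmrc; trusted publishing does not need it'
        : null,
  },
  {
    id: 'workflow-uses-token-secret',
    run: ({ workflow }) =>
      /secrets\.NPM_TOKEN/.test(workflow)
        ? 'Workflow publishes with secrets.NPM_TOKEN instead of an OIDC-issued credential'
        : null,
  },
  {
    id: 'workflow-missing-id-token',
    run: ({ workflow }) =>
      /id-token:\s*write/.test(workflow)
        ? null
        : 'Workflow does not request `id-token: write`, so no OIDC token can be exchanged',
  },
  {
    id: 'provenance-not-enabled',
    run: ({ pkg, workflow }) =>
      (pkg.publishConfig && pkg.publishConfig.provenance === true) || /--provenance/.test(workflow)
        ? null
        : 'Neither publishConfig.provenance nor `npm publish --provenance` is set',
  },
  {
    id: 'repository-missing',
    run: ({ pkg }) =>
      pkg.repository && pkg.repository.url
        ? null
        : 'package.json has no repository.url; provenance attestations are verified against it',
  },
];

// Runs every check and returns { ok, findings }, which can be passed to
// JSON.stringify for machine-readable output.
function auditPublishConfig({ packageJson, npmrc = '', workflow = '' }) {
  const ctx = { pkg: JSON.parse(packageJson), npmrc, workflow };
  const findings = [];
  for (const check of checks) {
    const message = check.run(ctx);
    if (message) findings.push({ id: check.id, message });
  }
  return { ok: findings.length === 0, findings };
}

// Constructed "before" state: token-based publishing.
const legacyRepo = {
  packageJson: JSON.stringify({ name: 'example-pkg', version: '1.0.0' }),
  npmrc: '//registry.npmjs.org/:_authToken=${NPM_TOKEN}\n',
  workflow: [
    'permissions:',
    '  contents: read',
    'steps:',
    '  - run: npm publish',
    '    env:',
    '      NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}',
  ].join('\n'),
};

// Constructed "after" state: trusted publishing via OIDC with provenance.
const trustedRepo = {
  packageJson: JSON.stringify({
    name: 'example-pkg',
    version: '1.0.0',
    repository: { type: 'git', url: 'git+https://github.com/example/example-pkg.git' },
    publishConfig: { provenance: true },
  }),
  npmrc: '',
  workflow: [
    'permissions:',
    '  contents: read',
    '  id-token: write',
    'steps:',
    '  - run: npm publish',
  ].join('\n'),
};

console.log(JSON.stringify(auditPublishConfig(legacyRepo), null, 2));
console.log(JSON.stringify(auditPublishConfig(trustedRepo), null, 2));
```

Against the legacy sample every check fires; against the trusted sample none does. To run it on a real repository, read `package.json`, `.npmrc` and the publish workflow from disk and pass their contents in; the checks deliberately work on raw text so they do not depend on a YAML parser.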

Use Cases

  • Solo maintainer: Audit and fix 1 repo in 5 minutes
  • Agency: Audit all client repos before handover
  • Open source maintainer: Enable provenance for packages


Keywords: npm

Package last updated on 22 Mar 2026
