# Release Checker (alpha)

There are numerous ways to "shoot yourself in the foot" using `npm publish`. The purpose of this module is to validate that your project is ready to be published in a safe way.

It checks the following:

- `package.json` file is valid
- build passes (unreleased)
- tests pass
- there is no sensitive data embedded in the package that will be sent to the registry
- there are no useless files (like test files) embedded in the package that will be sent to the registry
- there are no vulnerable dependencies (unreleased)
- there are no uncommitted changes in the working tree
- there are no untracked files in the working tree
- current branch is `master` or `release`
- git tag matches the version specified in `package.json` (unreleased)
- all licences declared in dependencies are valid (unreleased)
## Warning

If you are running node 8 or above, and the `package.json` file has an already existing `prepublish` script, you should rename that script to `prepublishOnly` before using `release-checker`.

- Run `npm help scripts` to get more details.
## Install

- local install

  ```sh
  npm install --save-dev release-checker
  ```

  Then add this script in the `scripts` section of the `package.json` file:

  ```json
  "scripts": {
    "release-checker": "release-checker"
  },
  ```

- global install

  ```sh
  npm install -g release-checker
  ```

## Basic usage

- local install

  ```sh
  npm run release-checker
  ```

- global install

  ```sh
  release-checker
  ```

- zero install

  ```sh
  npx release-checker
  ```
## Command-line Options

When you specify no option, all checkers will run.
If you want to run only specific checkers, use the command-line options specific to these checkers.

### -b, --branch

Ensure that the current branch is `master` or `release`.

```sh
npx release-checker --branch
```

### -c, --uncommited-files

Ensure there are no uncommitted files in the working tree.

```sh
npx release-checker --uncommited-files
```

### --customize-sensitivedata

Customize the sensitive or useless data checker.
This will create, in the current directory, a `.sensitivedata` file that you can customize to fit your needs.

```sh
npx release-checker --customize-sensitivedata
```

### -h, --help

Show help.

```sh
npx release-checker --help
```

### -s, --sensitivedata

Ensure there is no sensitive or useless data in the npm package.

```sh
npx release-checker --sensitivedata
```

### --skip-<checker>

Use this option when you want to run all checkers except specific ones.
For example, this command will run all checkers except the test checker:

```sh
npx release-checker --skip-test
```

This other example will run all checkers except the test checker and the git-branch checker:

```sh
npx release-checker --skip-test --skip-branch
```

The above command could also be rewritten as:

```sh
npx release-checker --skip-t --skip-b
```
### -t, --test

Ensure that the command `npm test` is successful.

```sh
npx release-checker --test
```

### -u, --untracked-files

Ensure there are no untracked files in the working tree.

```sh
npx release-checker --untracked-files
```
## Sensitive or useless data Checker

This checker verifies that there are no sensitive and no useless files inside the to-be-published package. This check runs only if the npm version is 5.9.0 or above.

It will detect the following files:

- Benchmark files
- Configuration files
  - CI
  - eslint
  - GitHub
  - JetBrains
  - Visual Studio Code
- Coverage files
- Demo files
- Dependency directories
- Doc files
- Example files
- Log files
- Private SSH key
- Script files
- Secret files
- Source files
- Temp files
- Test files
- Zip files
- Output of `npm pack` command

These files are defined inside the built-in `.sensitivedata` file.

You may completely override this file by creating a `.sensitivedata` file in the root directory of your project so that this checker fits your needs:

- to create this file, just run the command:

  ```sh
  npx release-checker --customize-sensitivedata
  ```

- if you create your own `.sensitivedata` file, and the `package.json` file has no `files` section, consider adding `.sensitivedata` to the `.npmignore` file.
## Authors

This project is a port of all validations provided by publish-please.