Security News
JSR Working Group Kicks Off with Ambitious Roadmap andย Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
release-it
Advanced tools
release-it is a versatile command-line tool for automating versioning and package publishing. It simplifies the release process by handling version bumps, changelogs, Git tags, and publishing to npm and other platforms.
Version Bumping
Automatically bumps the version of your project. In this example, it bumps the minor version.
release-it minor
Changelog Generation
Generates a changelog based on the commits since the last release.
release-it --changelog
Git Tagging
Creates a new Git tag for the release.
release-it --git.tag
NPM Publishing
Publishes the package to the npm registry.
release-it --npm.publish
Custom Hooks
Allows you to define custom hooks to run at various points in the release process.
{ "hooks": { "before:init": "echo 'This is a custom hook'" } }
standard-version is a tool for versioning and changelog generation based on conventional commits. It focuses on standardizing the release process and is less customizable compared to release-it.
semantic-release automates the versioning and package publishing process based on the commit history. It is highly configurable and integrates with CI/CD pipelines, making it more suitable for complex workflows compared to release-it.
lerna is a tool for managing JavaScript projects with multiple packages. It can handle versioning and publishing for monorepos, offering more advanced features for multi-package repositories compared to release-it.
CLI release tool for Git repos and npm packages.
Release It! automates the tedious tasks of software releases:
package.json
)Updating from v2 to v3 should be painless. See v3.0.0 release notes!
As a globally available CLI tool:
npm install --global release-it
As a devDependency
in your project:
npm install --save-dev release-it
Add this as a script
to package.json
:
{
"name": "my-package",
"version": "1.0.0".
"scripts": {
"release": "release-it"
},
"devDependencies": {
"release-it": "^4.2.0"
}
}
Now you can run npm run release
from the command line.
Release a new patch (increments from e.g. 1.0.4
to 1.0.5
):
release-it
Release a patch, minor, major, or specific version:
release-it minor
release-it 0.8.3
See manage pre-releases for versions like 1.0.0-beta.2
and npm install my-package@next
.
You can also do a "dry run", which won't write/touch anything, but does output the commands it would execute, and show the interactivity:
release-it --dry-run
Out of the box, release-it has sane defaults, and plenty of options to configure it. Put the options to override in .release-it.json
in the project root. Example:
{
"src": {
"tagName": "v%s"
},
"github": {
"release": true
}
}
.release-it.json
. Everything else will fall back to the default configuration.--config
if you want to use another path for the local .release-it.json
.Any option can also be set on the command-line, and will have highest priority. Example:
release-it minor --src.tagName='v%s' --github.release
Boolean arguments can be negated by using the no-
prefix:
release-it --no-npm.publish
By default, release-it is interactive and allows you to confirm each task before execution:
On a Continuous Integration (CI) environment, or by using the -n
option, this is fully automated. No prompts are shown and the configured tasks will be executed. This is demonstrated in the first animation above. An overview of the default tasks:
Task | Option | Default | Prompt | Default |
---|---|---|---|---|
Ready (confirm version) | N/A | N/A | - | Y |
Show staged files | N/A | N/A | prompt.src.status | N |
Git commit | src.commit | true | prompt.src.commit | Y |
Git push | src.push | true | prompt.src.push | Y |
Git tag | src.tag | true | prompt.src.tag | Y |
GitHub release | github.release | false | prompt.src.release | Y |
npm publish | npm.publish | true | prompt.src.publish | Y |
The left columns are default options in non-interactive (or CI) mode.
The prompt.*
options on the right in the table are used for the default answers in interactive mode. You can still change the answer to either Y
or N
as the questions show up (or cancel the process with Ctrl-c
).
The command hooks are executed from the root directory of the src
or dist
repository, respectively:
src.beforeStartCommand
buildCommand
- before files are staged for commitsrc.afterReleaseCommand
dist.beforeStageCommand
- before files are staged in dist repodist.afterReleaseCommand
All commands can use configuration variables (like template strings):
"buildCommand": "tar -czvf foo-${src.tagName}.tar.gz ",
"afterReleaseCommand": "echo Successfully released ${version} to ${dist.repo}."
The tool assumes you've configured your SSH key and Git remotes correctly. In short: you're fine if you can git push
. Otherwise, the following GitHub help pages might be useful: SSH and Managing Remotes.
See this project's releases page for an example.
To create GitHub releases:
github.release
option must be true
.github.tokenRef
. Example:export GITHUB_TOKEN="f941e0..."
To upload binary release assets with a GitHub release (such as compiled executables,
minified scripts, documentation), provide one or more glob patterns for the github.assets
option. After the release, the assets are available to download from the GitHub release page. Example:
"github": {
"release": true,
"assets": "dist/*.zip"
}
With release-it, it's easy to create pre-releases: a version of your software that you want to make available, while it's not in the stable semver range yet. Often "alpha", "beta", and "rc" (release candidate) are used as identifier for pre-releases.
For example, if you're working on a new major update for awesome-pkg
(while the latest release was v1.4.1), and you want others to try a beta version of it:
release-it major --preRelease=beta
This will tag and release version 2.0.0-beta.0
. This is actually a shortcut for:
release-it premajor --preReleaseId=beta --npm.tag=beta --github.preRelease
Consecutive beta releases (v2.0.0-beta.1
and so on) are now easy:
release-it --preRelease=beta
Installing the package with npm:
npm install awesome-pkg # Installs v1.4.1
npm install awesome-pkg@beta # Installs v2.0.0-beta.1
You can still override e.g. the npm tag being used:
release-it --preRelease=rc --npm.tag=next
See semver.org for more details.
Some projects use a distribution repository. Reasons to do this include:
Overall, it comes down to a need to release generated files (such as compiled bundles, documentation) into a separate repository. Some examples include:
To use this feature, set the dist.repo
option to a git endpoint. This can be a branch (also of the same source repository), like "git@github.com:webpro/release-it.git#gh-pages"
. Example:
"dist": {
"repo": "git@github.com:components/ember.git"
}
The repository will be cloned to dist.stageDir
, and the dist.files
(relative to dist.baseDir
) will be copied from the source repository. The files will then be staged, commited and pushed back to the remote distribution repository.
Make sure to set dist.github.release
and dist.npm.publish
to true
as needed. The dist.github.*
options will use the github.*
values as defaults. Idem dito for dist.npm.*
options, using npm.*
for default values.
During the release of a source and distribution repository, some "dist" tasks are executed before something is committed to the source repo. This is to make sure you find out about errors (e.g. while cloning or copying files) as soon as possible, and not after a release for the source repository first.
"private": true
setting in package.json will be respected and the package won't be published to npm.src.pushRepo
option to set an alternative url or name of a remote as in git push <src.pushRepo>
. By default this is null
and git push
is used when pushing to the remote.Please see CONTRIBUTING.md.
Major dependencies:
The following Grunt plugins have been a source of inspiration:
FAQs
Generic CLI tool to automate versioning and package publishing-related tasks.
The npm package release-it receives a total of 385,952 weekly downloads. As such, release-it popularity was classified as popular.
We found that release-it demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.ย It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.