Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

semantic-release-yarn

Package Overview
Dependencies
Maintainers
1
Versions
18
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

semantic-release-yarn

semantic-release plugin to publish a npm package with yarn

  • 0.1.1
  • npm
  • Socket score
Version published
Weekly downloads
6.1K
increased by14.67%
Maintainers
1
Weekly downloads
 
Created
Source

semantic-release-yarn npm

semantic-release plugin to publish a npm package with Yarn.

Use this plugin instead of the default @semantic-release/npm if you want to use Yarn instead of the NPM CLI to publish your packages to the NPM registry.

As an added bonus, this plugin will also publish some simple monorepo patterns (currently WIP).

Table of contents

Install

yarn add --dev semantic-release-yarn

⚠️
Please note this plugin only works with Yarn 2 and higher.

Usage

The plugin must be added in the semantic-release configuration, for example:

{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    "semantic-release-yarn",
    "@semantic-release/github"
  ]
}

NPM registry authentication

The NPM authentication configuration is required and can be set either via environment variables or the .yarnrc.yml file.

⚠️
When two-factor authentication is enabled on your NPM account and enabled for writes (default setting), the token needs to be of type Automation.

⚠️
Only the npmAuthToken is supported. The legacy npmAuthIdent (username:password) authentication is strongly discouraged and not supported by this plugin.

Configuration

Environment variables

VariableDescription
YARN_NPM_AUTH_TOKENNPM token. Translates to the npmAuthToken .yarnrc.yml option.
YARN_NPM_PUBLISH_REGISTRYNPM registry to use. Translates to the npmPublishRegistry .yarnrc.yml option.

Most other Yarn options could be specified as environment variables as well. Just prefix the names and write them in snake case. Refer to the Yarnrc files documentation to see all options.

⚠️
The configuration set by environment variables will take precedence over configuration set in the .yarnrc.yml file.

.yarnrc.yml file

Options can also be set in a .yarnrc.yml file. See Yarnrc files for the complete list of option.

package.json file

The registry can be configured in the package.json and will take precedence over the configuration in environment variables and the .yarnrc.yml file.

{
  "publishConfig": {
    "registry": "https://registry.npmjs.org/"
  }
}

⚠️
The @semantic-release/npm plugin supports setting the publishConfig.tag option. However, Yarn 2 doesn't seem to > support this.

Plugin options

These options can be added to the semantic-release configuration, for example:

{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    [
      "semantic-release-yarn",
      {
        "npmPublish": false
      }
    ],
    "@semantic-release/github"
  ]
}
OptionsDescriptionDefault
npmPublishWhether to publish the NPM package to the registry. If false the package.json version will still be updated.false if the package.json private property is true, true otherwise.
pkgRootDirectory path to publish..
tarballDirDirectory path in which to write the package tarball. If false the tarball is not kept on the file system.false

⚠️
The pkgRoot directory must contain a package.json. The version will be updated only in the package.json within the pkgRoot directory.

Examples

The npmPublish and tarballDir option can be used to skip the publishing to the NPM registry and instead release the package tarball with another plugin. For example with the @semantic-release/github plugin:

{
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    [
      "semantic-release-yarn",
      {
        "npmPublish": false,
        "tarballDir": "dist"
      }
    ],
    [
      "@semantic-release/github",
      {
        "assets": "dist/*.tgz"
      }
    ]
  ]
}

Plugin steps

StepDescription
verifyConditionsVerify Yarn 2 or higher is installed, verify the presence of an NPM auth token (either in an environment variable or an .yarnrc.yml file) and verify the authentication method is valid.
prepareUpdate the package.json version and create the package tarball.
addChannelAdd a tag for the release.
publishPublish to the npm registry.

Roadmap

  • Monorepo support
  • Get rid of CJS build once upstream PR 2607 lands
  • Since we're using the latest AggregateError package, semantic-release is not picking up our error stack and we get a generic error message instead of a well formatted one. Hope this can be fixed once upstream PR #2631 lands

Credits

©️ Copyright 2022 Joram van den Boezem
♻️ Licensed under the MIT license
⚡ Powered by Node.js and TypeScript (and a lot of amazing open source packages)
🚀 This plugin is forked from the core @semantic-release/npm plugin.

Keywords

FAQs

Package last updated on 07 Dec 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Research

Security News

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.

By Kirill Boychenko  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc