
semantic-release - npm Package Compare versions

Comparing version
25.0.2
to
25.0.3
+21
-0
docs/recipes/ci-configurations/github-actions.md

@@ -24,2 +24,23 @@ # Using semantic-release with [GitHub Actions](https://help.github.com/en/categories/automating-your-workflow-with-github-actions)

## Important: Avoid `registry-url` in `setup-node`
**Do not** set the `registry-url` option in the `actions/setup-node` step when using semantic-release for npm publishing. The `registry-url` option causes `setup-node` to create an `.npmrc` file that can conflict with semantic-release's npm authentication mechanism, leading to `EINVALIDNPMTOKEN` errors even when your token is valid.
```yaml
# ❌ Don't do this - can cause conflicts with semantic-release
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "lts/*"
registry-url: "https://registry.npmjs.org"
# ✅ Do this instead - let semantic-release handle npm authentication
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "lts/*"
```
If you need to specify a custom registry, configure it in your project's `.npmrc` file instead. This ensures consistent behavior between local development and CI environments, and avoids conflicts with semantic-release.
## Node project configuration

@@ -26,0 +47,0 @@

+3
-3
import { isNil, sortBy } from "lodash-es";
import semverDiff from "semver-diff";
import { FIRST_RELEASE, RELEASE_TYPE } from "../definitions/constants.js";

@@ -10,2 +9,3 @@ import {

getUpperBound,
getVersionDiff,
highest,

@@ -46,3 +46,3 @@ isMajorRange,

const max = lowest(base, getUpperBound(range));
const diff = semverDiff(min, max);
const diff = getVersionDiff(min, max);
return {

@@ -80,3 +80,3 @@ ...rest,

const diff = bound ? semverDiff(lastVersion, bound) : null;
const diff = bound ? getVersionDiff(lastVersion, bound) : null;
return {

@@ -83,0 +83,0 @@ ...rest,

import { intersection, uniqBy } from "lodash-es";
import semver from "semver";
import semverDiff from "semver-diff";
import getLastRelease from "./get-last-release.js";
import { getLowerBound, makeTag } from "./utils.js";
import { getLowerBound, getVersionDiff, makeTag } from "./utils.js";

@@ -45,3 +44,3 @@ /**

const type = lastRelease.version ? semverDiff(lastRelease.version, version) : "major";
const type = lastRelease.version ? getVersionDiff(lastRelease.version, version) : "major";
const name = makeTag(tagFormat, version);

@@ -48,0 +47,0 @@ return {

@@ -85,2 +85,10 @@ import { template, union } from "lodash-es";

export function getVersionDiff(version1, version2) {
if (semver.gte(version1, version2)) {
return undefined;
}
return semver.diff(version1, version2);
}
export function extractGitLogTags(tagsString) {

@@ -87,0 +95,0 @@ const regex = /tag: ([^,)]+)/g;
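Review bot: `getVersionDiff` is exported without a doc comment, although it now replaces a third-party call at every site shown in the other sections of this diff and its `undefined` result is part of the contract those callers rely on. I would add a one-line JSDoc above it, for example `/** Returns the semver release type between two versions, or undefined when version1 >= version2. */`, and note there that both arguments must be valid semver strings, because as far as I know `semver.gte` throws on input it cannot parse. It is also worth confirming against the removed `semver-diff` package, which this page does not show, that versions differing only in build metadata were not handled differently, since `semver.gte` ignores build metadata. A unit test pinning the equal, lower and build-metadata-only cases would fix the replacement's behaviour. The hunk does not show the `semver` import, so check that this file already has one.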

{
"name": "semantic-release",
"description": "Automated semver compliant package publishing",
"version": "25.0.2",
"version": "25.0.3",
"type": "module",

@@ -56,3 +56,2 @@ "author": "Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)",

"semver": "^7.3.2",
"semver-diff": "^5.0.0",
"signale": "^1.2.1",

@@ -62,3 +61,3 @@ "yargs": "^18.0.0"

"devDependencies": {
"@types/node": "24.10.0",
"@types/node": "24.10.9",
"@types/signale": "1.4.7",

@@ -71,16 +70,16 @@ "ava": "6.4.1",

"file-url": "4.0.0",
"fs-extra": "11.3.2",
"got": "14.6.2",
"js-yaml": "4.1.0",
"lockfile-lint": "4.14.1",
"ls-engines": "0.9.3",
"fs-extra": "11.3.3",
"got": "14.6.6",
"js-yaml": "4.1.1",
"lockfile-lint": "5.0.0",
"ls-engines": "0.10.0",
"mockserver-client": "5.15.0",
"nock": "14.0.10",
"npm-run-all2": "8.0.4",
"p-retry": "7.1.0",
"prettier": "3.6.2",
"publint": "0.3.15",
"sinon": "21.0.0",
"p-retry": "7.1.1",
"prettier": "3.8.1",
"publint": "0.3.17",
"sinon": "21.0.1",
"stream-buffers": "3.0.3",
"tempy": "3.1.0",
"tempy": "3.1.2",
"testdouble": "3.20.2"

@@ -169,3 +168,3 @@ },

},
"packageManager": "npm@11.4.2"
"packageManager": "npm@11.8.0+sha512.9f5f6c25e5be44629d907a3c482739c614b090a8505057d9685cd273e12c6172e34aa215d2d97bd9a0d8415bb356f7eb6f2b06c1d690b0d2cdcb9f09d7410149"
}

@@ -142,3 +142,2 @@ <h1 align="center" style="border-bottom: none;">📦🚀 semantic-release</h1>

- [Stack Overflow](https://stackoverflow.com/questions/tagged/semantic-release)
- [Twitter](https://twitter.com/SemanticRelease)

@@ -145,0 +144,0 @@ ## Badge