Comments (12)
Cool makes sense. I might be useful just to add to the docs something along the lines of If your package is set to private in package.json, then this plugin will ignore the `npmPublish` setting altogether.
This would mostly be useful to newcomers to the npm publishing pipeline (like me) who may not understand the underlying constraints properly. Again, happy to open a PR if you feel the docs can be more clear.
from npm.
As @travi mentioned to publish on a private repo you have to use publishConfig.access: restricted
.
from npm.
Just as a side note, it does seem that the documentation should be updated to indicate that private: true
will disable publishing altogether. As currently worded, it implies that this behavior can be overridden in .releaserc.
from npm.
I fully agreee with @aaroncraigongithub, just lost more than half an hour because the documentation wording is misleading!
And the use-case of being willing to publish only to a private package registry might justify a line about it in the docs, IMHO
from npm.
Looks like the logic here is incorrect?
https://github.com/semantic-release/npm/blob/master/lib/publish.js#L16
I believe it should be something like:
if (npmPublish === true || pkg.private !== true) {
I'll work up a PR if that looks good.
from npm.
This is intentional. We made the choice of publishing only when there is no doubt about the user intention. If those two properties contradict each other we skip the publication to be safe.
In any case, what you try to achieve will not work, even with your change.
With what you propose, semantic-release would call npm publish
and it will errors out because the private
property of package.json
is true
.
If you want to publish your module on the npm repository, don't set it to private
.
from npm.
@aaroncraigongithub are you maybe wanting restricted
for publishConfig.access
instead of private
?
from npm.
@pvdlg @travi perhaps I'm configured incorrectly, and npm docs are unclear as to what the setting in package.json should be, but according to this page, I believe I can publish private packages to npm:
https://docs.npmjs.com/creating-and-publishing-private-packages
I'm assuming by private, the docs mean "packages that have private: true
in their package.json file" , as I am unaware of specifying private packages in any other way.
For context, in my specific case, I am publishing a private repo to an org npm account.
from npm.
However, @pvdlg is correct, npm publish
does fail if I have private: true
in package.json, so the current implementation is correct.
from npm.
the main thing to be aware of is that semantic-release defers to npm itself for that type of config. the npm docs already specify the behavior of private
. referring to the npm docs is also mentioned in the readme for this project.
from npm.
So, npmPublish
in .releaserc
can only ever have an effect when it is false
(in other words, it's solely to be used to disable publishing in a package that would otherwise be published)?
from npm.
Yes. That's explained in the docs by mentioning the default value of npmPublish
is true
.
Having it also allow users to use the @sematnic-release/npm
plugin to update their package.json
without publishing and without having to set private
to true
. This useful for Atom packages for example.
The npmPublish
option was introduced before we started to handle private
. Looking back we should probably have supported only private
and find a better way to support the edge case of packages that need to skip publish but can't set private
to true
. But now we can't remove the npmPublish
so easily.
from npm.
Related Issues (20)
- HIGH SEVERITY security problem CVE-2021-3795 (semver-regex and find-versions) HOT 3
- You cannot publish over the previously published versions
- Provide a better error message in case of an E400 bad request without further explanation from npm
- semantic-release/npm forced npm version in scripts HOT 2
- Why is `npm version` used to set the version? HOT 1
- Add support for npm v9 HOT 7
- `prepack` run twice when set `tarballDir` HOT 1
- npm publish looks for package.json at disk root HOT 3
- Incompatible with Yarn (Berry) HOT 1
- a `Cannot read properties of null (reading 'matches'` error when using multi-semantic-release HOT 8
- Use clean-publish
- fix vulnerability with http-cache-semantics <4.1.0 HOT 4
- Why support of legacy auth was dropped? HOT 2
- pkgRoot property not working HOT 1
- Provenance support not working? HOT 1
- npm whoami failing HOT 3
- `package.json` version not updated, despite correct plugin ordering HOT 1
- Set --no-workspaces with npm version HOT 2
- Command failed with exit code 1: npm version 0.22.2 --userconfig HOT 2
- error on publishing HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from npm.