Safe and highly functional replacement for npm publish.
There are numerous ways to "shoot yourself in the foot" using npm publish.
publish-please enables you to check that what will be sent to the registry is valid, free of vulnerabilities and free of useless files.
Before running npm publish, run this command at the root of your project folder:
npx publish-please --dry-runThis example shows up that you are about to push your test files to the registry:
When all validations pass, publish-please will show you the exact content of the package that will be sent to the registry, so you can check everything is included in the package:
-
npm test
- Check that all tests pass
-
Checking for the vulnerable dependencies
- Perform vulnerable dependencies check using
npm audit
- Perform vulnerable dependencies check using
-
Checking for the uncommitted changes
- Check that there are no uncommitted changes in the working tree
-
Checking for the untracked files
- Check that there are no untracked files in the working tree
-
Checking for the sensitive and non-essential data in the npm package
- Check that the npm package will not embed sensitive files or useless files (like test files)
-
Validating branch
- Check that current branch is master
-
Validating git tag
- Check that git tag matches version specified in the
package.json
- Check that git tag matches version specified in the
[to be continued]