publish-please-custom-publish-command

v2.4.0

Published

Safe and highly functional replacement for `npm publish`.

Downloads

4

Readme

Publish, please!

There are numerous ways to "shoot yourself in the foot" using npm publish. The purpose of this module is to replace npm publish for your packages with a safe and more functional alternative, which will allow you to:

  • Run tests or build steps before publishing (because prepublish is broken).
  • Check your package for sensitive data to be sure that you didn't leak it by accident (Further reading: Do not underestimate credentials leaks).
  • Check for vulnerable dependencies using Node Security Project data.
  • Check that you are on the correct git branch.
  • Check that the git tag matches the version specified in package.json.
  • Check that there are no uncommitted changes in the working tree.
  • Check that there are no untracked files in the working tree.
  • Force usage of the npm publish tag where necessary, so you'll be sure you're not publishing a preview version of your package as a release version.
  • Get a release summary and publishing confirmation.
  • Configure publishing using the built-in configuration wizard.

Getting started

Setting up publish-please is quite trivial: just run

npm install --save-dev publish-please

in your project's directory.

Once it finishes installing, publish-please will automatically run its configuration wizard, which will guide you through some simple steps to set up the features you want to use.

If you forgot to configure something, or just changed your mind and want to change the configuration, just run

npm run publish-please config

to return to the wizard.

Once you're done with the wizard, npm publish is disabled for your package from now on (Muahahaha 😈).

But don't worry: it's done for a good reason, to prevent you or your co-workers from running an unsafe publishing process. Use the awesome version instead:

npm run publish-please

Options

  • prePublishScript - Specifies the command that will be run before publishing (e.g. npm test). Use it for builds and tests. Default: npm test.
  • postPublishScript - Specifies the command that will be run after successful publishing. Use it for release announcements, creating a GitHub release, uploading binaries, etc. Default: `` (no command).
  • publishCommand - Specifies the command that will be used to publish the package. Default: npm publish.
  • publishTag - Specifies the tag with which the package will be published. See the npm publish docs for more info. Default: latest.
  • confirm - Ask for confirmation before publishing. Default: true.

Validations

  • uncommittedChanges - Check that there are no uncommitted changes in the working tree. Default: true.
  • untrackedFiles - Check that there are no untracked files in the working tree. Default: true.
  • gitTag - Check that the git tag matches the version specified in package.json. Default: true.
  • branch - Check that the current branch matches the specified branch. Default: master.
  • sensitiveData - Audit the package for sensitive data. Default: true.
  • vulnerableDependencies - Check for vulnerable dependencies using Node Security Project data. Default: true.
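
How the four git-related validations above can be expressed, as an added example that is not publish-please's own code. The function `checkRepoState`, the shape of its `state` argument, the acceptance of a leading "v" on tags and the sample states are all assumptions made for illustration.

```javascript
// Added example, not publish-please's implementation. The state object is
// assumed to be filled from `git status --porcelain`, the current branch
// name, the tags pointing at HEAD, and the version in package.json.
function checkRepoState(state, validations) {
  const errors = [];
  const lines = state.porcelain.split('\n').filter((line) => line.length > 0);
  // Porcelain v1 lines are "XY <path>": "??" marks an untracked file, any
  // other status code is a tracked file with staged or unstaged changes.
  const untracked = lines.filter((l) => l.startsWith('??')).map((l) => l.slice(3));
  const changed = lines.filter((l) => !l.startsWith('??')).map((l) => l.slice(3));
  if (validations.uncommittedChanges && changed.length > 0) {
    errors.push('Uncommitted changes: ' + changed.join(', '));
  }
  if (validations.untrackedFiles && untracked.length > 0) {
    errors.push('Untracked files: ' + untracked.join(', '));
  }
  if (validations.branch && state.branch !== validations.branch) {
    errors.push('On branch ' + state.branch + ', expected ' + validations.branch);
  }
  if (validations.gitTag) {
    // Assumption: a tag counts as matching with or without a leading "v".
    const accepted = [state.version, 'v' + state.version];
    if (!state.tagsAtHead.some((tag) => accepted.includes(tag))) {
      errors.push('No tag at HEAD matches version ' + state.version);
    }
  }
  return errors;
}

// Defaults taken from the Validations list above.
const DEFAULT_VALIDATIONS = {
  uncommittedChanges: true, untrackedFiles: true, gitTag: true, branch: 'master',
};
// Constructed sample: a feature branch with an edited file, a stray .env,
// and only the previous release's tag at HEAD.
const DIRTY_STATE = {
  porcelain: ' M lib/index.js\n?? .env\n',
  branch: 'feature/login',
  tagsAtHead: ['v2.3.0'],
  version: '2.4.0',
};
const CLEAN_STATE = {
  porcelain: '', branch: 'master', tagsAtHead: ['v2.4.0'], version: '2.4.0',
};

console.log(checkRepoState(DIRTY_STATE, DEFAULT_VALIDATIONS));
console.log(checkRepoState(CLEAN_STATE, DEFAULT_VALIDATIONS));
```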

Sensitive information audit

Important note: the tool provides only a very basic sensitive data check. Do not rely on it fully. Always perform manual checks for sensitive data in your packages.

The audit is performed for the following items:

  • Private SSH key
  • Potential cryptographic private key
  • Potential cryptographic key bundle
  • Pidgin OTR private key
  • Shell command history file
  • MySQL client command history file
  • PostgreSQL client command history file
  • Ruby IRB console history file
  • Pidgin chat client account configuration file
  • Hexchat/XChat IRC client server list configuration file
  • Irssi IRC client configuration file
  • Recon-ng web reconnaissance framework API key database
  • DBeaver SQL database manager configuration file
  • Mutt e-mail client configuration file
  • S3cmd configuration file
  • T command-line Twitter client configuration file
  • OpenVPN client configuration file
  • Well, this is awkward... Gitrob configuration file
  • Shell configuration file
  • Shell profile configuration file
  • Shell command alias configuration file
  • Ruby On Rails secret token configuration file
  • OmniAuth configuration file
  • Carrierwave configuration file
  • Ruby On Rails database schema file
  • Potential Ruby On Rails database configuration file
  • Django configuration file
  • PHP configuration file
  • KeePass password manager database file
  • 1Password password manager database file
  • Apple Keychain database file
  • GNOME Keyring database file
  • Log file
  • Network traffic capture file
  • SQL dump file
  • GnuCash database file
  • Contains word: backup
  • Contains word: dump
  • Contains word: password
  • Contains words: private, key
  • Jenkins publish over SSH plugin file
  • Potential Jenkins credentials file
  • Apache htpasswd file
  • Configuration file for auto-login process
  • KDE Wallet Manager database file
  • Potential MediaWiki configuration file
  • Tunnelblick VPN configuration file
  • Rubygems credentials file
  • Potential MSBuild publish profile
  • PHP dotenv
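
A filename-based audit in the spirit of the list above, as an added example rather than the tool's own signature set: the five rules, the helper names `splitPath` and `auditFiles`, and the file list are constructed for illustration. The last sample file shows why the important note above says not to rely on such a check, since a secret inside an innocuously named file is not flagged.

```javascript
// Added example: these rules are constructed for illustration and cover a
// few of the categories listed above; they are not the tool's signatures.
const RULES = [
  { part: 'filename', pattern: /_(rsa|dsa|ed25519|ecdsa)$/, caption: 'Private SSH key' },
  { part: 'extension', pattern: /^(pem|key)$/, caption: 'Potential cryptographic private key' },
  { part: 'filename', pattern: /^\.?(bash_|zsh_)?history$/, caption: 'Shell command history file' },
  { part: 'path', pattern: /password/i, caption: 'Contains word: password' },
  { part: 'filename', pattern: /^\.env$/, caption: 'PHP dotenv' },
];

// Split a POSIX-style relative path into the parts the rules refer to.
function splitPath(filePath) {
  const filename = filePath.split('/').pop();
  const dot = filename.lastIndexOf('.');
  // A leading dot (".env") belongs to the name; it does not start an extension.
  const extension = dot > 0 ? filename.slice(dot + 1) : '';
  return { path: filePath, filename, extension };
}

// Return one finding per (file, rule) match.
function auditFiles(files) {
  const findings = [];
  for (const file of files) {
    const parts = splitPath(file);
    for (const rule of RULES) {
      if (rule.pattern.test(parts[rule.part])) {
        findings.push({ file, caption: rule.caption });
      }
    }
  }
  return findings;
}

// Constructed file list, shaped like the contents of a package tarball.
const SAMPLE_FILES = [
  'package.json',
  'lib/index.js',
  'deploy/id_rsa',
  'certs/server.pem',
  '.bash_history',
  'test/fixtures/passwords.txt',
  '.env',
  'lib/config.js', // scenario: holds a hard-coded token, invisible to name checks
];

for (const f of auditFiles(SAMPLE_FILES)) console.log(f.caption + ': ' + f.file);
```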

Check out my other packages used by this tool

  • cp-sugar - Some sugar for child_process module.
  • elegant-status - Create elegant task status for CLI.
  • pkgd - Get package publish info: package.json and file list.
  • promisify-event - Promisify EventEmitter's event.

Author

Ivan Nikulin ([email protected])