npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

pubm

v0.0.5

Published

publish manager for multiple registry (jsr, npm and private registries)

Downloads

1,624

Readme

Features

  • Publish package to npm and jsr at once
  • Private registry support (Soon)
  • Customize (Soon)
    • GitHub release draft format
    • Adjust tasks (Add, Remove, Sorting tasks)

Prerequisites

  • Node.js 18 or later
  • npm 9 or later
  • Git 2.11 or later
  • jsr

Install

npm i -g pubm

Usage

Usage:
  $ pubm [version]

  Version can be:
    major | premajor | minor | preminor | patch | prepatch | prerelease | 1.2.3

Options:
  --test-script <script>      The npm script to run tests before publishing (default: test)
  --build-script <script>     The npm script to run build before publishing (default: build)
  -p, --preview               Show tasks without actually executing publish 
  -b, --branch <name>         Name of the release branch (default: main)
  -a, --any-branch            Show tasks without actually executing publish 
  --no-pre-check              Skip prerequisites check task
  --no-condition-check        Skip required conditions check task
  --no-tests                  Skip running tests before publishing
  --no-build                  Skip build before publishing
  --no-publish                Skip publishing task
  --no-release-draft          Skip creating a GitHub release draft
  --publish-only              Run only publish task for latest tag 
  -t, --tag <name>            Publish under a specific dist-tag (default: latest)
  -c, --contents <path>       Subdirectory to publish 
  --no-save-token             Do not save jsr tokens (request the token each time)
  --registry <...registries>  Target registries for publish
        registry can be npm | jsr | https://url.for.private-registries (default: npm,jsr)
  -h, --help                  Display this message 
  -v, --version               Display version number 

Config for publish

You can have either package.json or jsr.json.

Configuration file (Soon)

pubm.js or pubm.mjs

Tasks

  • Notify new version
  • Checking required information
    • Select SemVer increment or specify new version
    • Select the tag for this pre-release version in npm: (if version is prerelease)
      • checking for the existence of either package.json or jsr.json
  • Prerequisite checks = skip-pre (for deployment reliability)
    • Checking if remote history is clean...
    • Checking if the local working tree is clean...
    • Checking if commits exist since the last release...
    • Verifying current branch is a release branch...
    • Checking git tag existence...
  • Required conditions checks (concurrently) = skip-required (for pubm tasks)
    • Verifying if npm CLI and jsr CLI are installed...
    • Ping registries...
    • Checking if test and build scripts exist...
    • Checking git version...
    • Checking available registries for publishing...
      • in jsr permission check token exist and ask token
      • if first time -> Checking package name availability...
      • if scoped package and scope reserved contact message
  • Running tests...
  • Building the project...
  • Bumping version...
  • Publishing... (concurrently)
    • npm
      • Running npm publish...
      • Verifying two-factor authentication...
    • jsr
      • Running jsr publish...
  • Pushing tags to GitHub...
  • Creating release draft on GitHub...
  • Show New files and New dependencies
  • Check commits exist since last release
  • Check package name availabliity
  • Input SemVer version
  • Input tag (if version is prerelease)
  • Check hasn't been published scoped package
  • Prerequisite tasks
    • Ping npm registry
    • Check package manager version
    • Verify user is authenticated
    • Check git version
    • Check git remote
    • Validate version
    • Check for prerelease vesion
      • if not private and is prerelease version and tag option not exist -> throw error should set tag
    • Check git tag existence
  • Git tasks
    • Check current branch is release branch
    • Check local working tree is clean
    • Check remote history is clean
  • Cleanup
  • Install dependencies
  • Tests
  • Bumping version
  • Publish package
  • two-factor authentication
  • Push tags
  • Release draft

FAQ

Why does jsr only ask for tokens?

The only way to access jsr’s certified environment is through a direct API request with a token.

How is the jsr token stored? Is it secure?

The jsr token is encrypted and stored using various layers of information. As long as you have control over the local machine where pubm was run, it is highly unlikely the token can be compromised.

If you prefer not to save tokens, you can use the --no-save-token option, which will request the token each time.