npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

release-checker

v0.10.0

Published

Check your release before publishing

Downloads

93

Readme

Release Checker (alpha)

Build Status Build status npm version

There are numerous ways to "shoot yourself in the foot" using npm publish. The purpose of this module is to validate that your project is ready to be published in a safe way.

It checks the following:

  • package.json file is valid
  • build pass (unreleased)
  • tests pass
  • there is no sensitive data embedded in the package that will be sent to the registry
  • there is no useless files (like tests files) embedded in the package that will be sent to the registry
  • there are no vulnerable dependencies (unreleased)
  • there are no uncommitted changes in the working tree
  • there are no untracked files in the working tree
  • current branch is master or release
  • git tag matches version specified in the package.json
  • all licences declared in dependencies are valid (unreleased)

Warning

If you are running node 8 or above, and the package.json file has an already existing prepublish script, you should rename that script to prepublishOnly before using release-checker.

  • Run npm help scripts to get more details.

Install

  • local install

    npm install --save-dev release-checker

    Then add this script in the scripts section of the package.json file:

    "scripts": {
        "release-checker": "release-checker"
      },
  • global install

    npm install -g release-checker

Basic usage

  • local install

    npm run release-checker
  • global install

    release-checker
  • zero install

    npx release-checker

Command-line Options

When you specify no option, all checkers will run.

if you want to run only specific checkers, use the command-line options specific to these checkers.

-b, --branch

Ensure that current branch is master or release.

-c, --uncommited-files

Ensure there are no uncommited files in the working tree.

npx release-checker --uncommited-files

--customize-sensitivedata

Customize the sensitive or useless data checker. This will create, in the current directory, a .sensitivedata file that you can customize to fit your needs.

npx release-checker --customize-sensitivedata

-h, --help

Show help.

npx release-checker --help

-s, --sensitivedata

Ensure there is no sensitive or useless data in the npm package.

npx release-checker --sensitivedata

--skip-<checker>

Use this option when you want to run all checkers except specific ones.

For example this command will run all checkers except the test checker:

npx release-checker --skip-test

This other example will run all checkers except the test checker and the git-branch checker

npx release-checker --skip-test --skip-branch

The above command could be also rewritten to:

npx release-checker --skip-t --skip-b

-T, --tag

Ensure that latest git tag matches package.json version

npx release-checker --tag

-t, --test

Ensure that command npm test is successfull.

npx release-checker --test

-u, --untracked-files

Ensure there are no untracked files in the working tree.

npx release-checker --untracked-files

Sensitive or useless data Checker

This Checker checks there is no sensitive and no useless files inside the to-be-published package. This check performs only if npm version is 5.9.0 or above.

It will detect the following files:

  • Benchmark files
  • Configuration files
    • CI
    • eslint
    • GitHub
    • JetBrains
    • Visual Studio Code
  • Coverage files
  • Demo files
  • Dependency directories
  • Doc files
  • Example files
  • Log files
  • Private SSH key
  • Script files
  • Secret files
  • Source files
  • Temp files
  • Test files
  • Zip files
    • Output of 'npm pack' command

These files are defined inside the built-in .sensitivedata file.

You may completely override this file by creating a .sensitivedata file in the root directory of your project so that this checker fits your needs:

  • to create this file, just run the command:
npx release-checker --customize-sensitivedata
  • if you create your own .sensitivedata file, and the package.json file has no files section, consider adding .sensitivedata to the .npmignore file.

Authors

This project is a port of all validations provided by publish-please