Comments (7)
During the npm release I ended up having an error:
npm ERR! This package has been marked as private
npm ERR! Remove the 'private' field from the package.json to publish it.
This could be prevented within verify
stage by controlling if the package.json is having a false value for the key private
.
It should break with:
{
+ "private": "true"
}
from npm.
Maybe private: true
should have the same effect as npmPublish: false
, i.e. skip publish and just create the package locally, without erroring out?
from npm.
@pvdlg according to https://docs.npmjs.com/files/package.json#private:
If you set "private": true in your package.json, then npm will refuse to publish it.
This is a way to prevent accidental publication of private repositories. If you would like to ensure that a given package is only ever published to a specific registry (for example, an internal registry), then use the publishConfig dictionary described below to override the registry config param at publish-time.
I believe private: true
and npmPublish: false
are different configuration. private: true
is specifically designed to return an exit code 1
.
from npm.
But in the context of semantic-release you can set private: false
to make sure the package is not published on npm but still want to update the version
in package.json
, commit the package.json
to the repo, make a release on GitHub, create a tag etc...
If you throw an error when private
is true
that means you can't use this plugin at all, therefore you can't update the version
in package.json
and you can't generate the package with npm pack
.
Having a package with private
set to true
for safety (like outside of the semantic-release context) and wanting to update the version
seems a valid use to me.
from npm.
you can't generate the package with
npm pack
.
This is not true, this is how we install our private package which are not released on any registries.
We use private: true
by default, and we have a specific command to remove it from our package.json
.
I agree that a warning would be sufficient as we may want to tag a GitLab/GitHub version.
from npm.
This is not true, this is how we install our private package which are not released on any registry.
What I'm saying is that if @semantic-release/npm
throws an error when private: true
that means you can't use it to generate the package with npm pack
.
Currently if you set npmPublish: false
the plugin will run npm pack
instead of npm publish
.
My point is that there is no reason to throw an error is private: false
because it would prevent users in such situation to use other feature of the plugin.
from npm.
This just bit me:
I just had a case where a user mistakenly didn't have public rights to the npm package (after changing tokens and using a different user for the token a couple weeks ago).
However, the
verifyConditions
didn't catch this. It was only caught when the npm publish step failed with a 403 error message stating the user doesn't have publish rights.That meant the the git tag was still pushed to the repo, leaving the tag out of sync. Retrying the build would then not publish, because the tag was already pushed.
from npm.
Related Issues (20)
- Add support for npm v9 HOT 7
- `prepack` run twice when set `tarballDir` HOT 1
- npm publish looks for package.json at disk root HOT 3
- Incompatible with Yarn (Berry) HOT 1
- a `Cannot read properties of null (reading 'matches'` error when using multi-semantic-release HOT 8
- Use clean-publish
- fix vulnerability with http-cache-semantics <4.1.0 HOT 4
- Why support of legacy auth was dropped? HOT 2
- pkgRoot property not working HOT 1
- Provenance support not working? HOT 1
- npm whoami failing HOT 3
- `package.json` version not updated, despite correct plugin ordering HOT 1
- Set --no-workspaces with npm version HOT 2
- Command failed with exit code 1: npm version 0.22.2 --userconfig HOT 2
- error on publishing HOT 1
- Publishing failed since update from [email protected] to [email protected] with files mentioned in .gitignore HOT 6
- Update a package.json in a sub folder
- CVE-2023-42282 HOT 1
- Support for custom package.json properties to write changelist entries
- NPM Audit Signatures issue on 11.0.3 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from npm.