npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@lets-release/npm

v7.0.0

Published

Let's Release npm plugin

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

manlaomanlao

Keywords

Readme

@lets-release/npm

lets-release plugin for publishing npm packages.

| Step | Description | | ------------------ | ------------------------------------------------------------------------- | | findPackages | Find packages in workspace. | | verifyConditions | Verify the authentication method is valid. | | prepare | Update the package.json version and create the npm package tarball. | | addChannels | Add a release to dist-tags. | | publish | Publish the npm package to the registry. |

Usage

The plugin can be configured in the lets-release configuration file:

{
  "plugins": ["@lets-release/commit-analyzer", "@lets-release/release-notes-generator", "@lets-release/npm"]
}

Configuration

Provenance

If you are publishing to the official registry and your pipeline is on a provider that is supported by npm for provenance, npm can be configured to publish with provenance.

Since lets-release wraps the npm publish command, configuring provenance is not directly supported. Instead, provenance can be configured through other configuration options exposed by npm. Provenance applies specifically to publishing, so we recommend configuring it under publishConfig in the package.json.

Provenance on GitHub Actions

For package provenance to be signed on GitHub Actions CI, the following permission needs to be enabled on the job:

permissions:
  id-token: write # to enable use of OIDC for npm provenance

It's worth noting that if you are using lets-release to its fullest with a GitHub release, GitHub comments, and other features, then more permissions are required to be enabled on this job:

permissions:
  contents: write # to be able to publish a GitHub release
  issues: write # to be able to comment on released issues
  pull-requests: write # to be able to comment on released pull requests
  id-token: write # to enable use of OIDC for npm provenance

Options

| Options | Description | Default | | ---------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------- | | skipPublishing | Whether to publish the npm package to the registry. If true, the package.json version will still be updated. | true if the package.json private property is true; false otherwise. | | tarballDir | Directory path in which to write the package tarball. If not set the tarball will not be kept on the file system. | - |

Package manager

The plugin uses preferred-pm to detect your package manager, and resolve-workspace-root to determine workspace root. The Supported package managers are npm, pnpm, and yarn.

Publish configuration

The registry can be configured under publishConfig in package.json:

{
  "publishConfig": {
    "registry": "https://registry.npmjs.org/",
    "tag": "latest"
  }
}

Notes:

  • The presence of registry under publishConfig in the package.json will take precedence over the configuration in package manager config files
  • The auth token can be set in package manager config files (.npmrc for npm and pnpm, .yarnrc.yml for yarn). Do not save the actual token in config files and commit it to the repo. Use environment variables or temporarily alter config files in the CI system

Examples

The skipPublishing and tarballDir options can be used to skip publishing to the npm registry and instead release the package tarball with another plugin. For example, with the @lets-release/github plugin:

{
  "plugins": [
    "@lets-release/commit-analyzer",
    "@lets-release/release-notes-generator",
    [
      "@lets-release/npm",
      {
        "skipPublishing": true,
        "tarballDir": "dist"
      }
    ],
    [
      "@lets-release/github",
      {
        "assets": "dist/*.tgz"
      }
    ]
  ]
}