npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

eugenejahn-test-npm-trusted-publishing

v1.0.3

Published

A test npm package demonstrating trusted publishing with GitLab CI/CD

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

eugenethehubeugenethehub

Keywords

testnpmtrusted-publishinggitlab-ci

Readme

npm-test

Getting started

To make it easy for you to get started with GitLab, here's a list of recommended next steps.

Already a pro? Just edit this # Test NPM Package with GitLab Trusted Publishing

This is a test npm package demonstrating how to set up trusted publishing for npm packages using GitLab CI/CD with OpenID Connect (OIDC) authentication.

Features

  • 🔐 Trusted Publishing: Uses OIDC tokens instead of long-lived npm tokens
  • 🚀 Automated Publishing: Publishes automatically on version tags
  • 📦 Simple Package: Basic utility functions for testing
  • Comprehensive Testing: Includes test suite with CI integration
  • 🔍 Security: Automatic provenance generation

Quick Start

Installation

npm install @your-username/test-npm-package

Usage

import { greet, add, getVersion } from "@your-username/test-npm-package";

// Basic greeting
console.log(greet()); // "Hello, World!"
console.log(greet("Alice")); // "Hello, Alice!"
console.log(greet("Bob", "Hi")); // "Hi, Bob!"

// Math operations
console.log(add(2, 3)); // 5

// Package info
console.log(getVersion()); // "1.0.0"

Setting Up Trusted Publishing

Prerequisites

  • GitLab.com account
  • npm account
  • npm CLI version 11.5.1 or later

Step 1: Configure Trusted Publisher on npmjs.com

  1. Go to your package page on npmjs.com
  2. Navigate to SettingsPublishing Access
  3. Find the "Trusted Publisher" section
  4. Click "GitLab CI/CD" button
  5. Configure the following fields:
    • Namespace: Your GitLab username or group name (e.g., your-username)
    • Project name: Your repository name (e.g., test-npm-package)
    • Top-level CI file path: .gitlab-ci.yml
    • Environment name: (optional, leave empty for this example)

Step 2: Update Package Configuration

Make sure your package.json has the correct repository URL and package name:

{
  "name": "@your-username/test-npm-package",
  "repository": {
    "type": "git",
    "url": "git+https://gitlab.com/your-username/test-npm-package.git"
  }
}

Step 3: Publishing Process

  1. Update version: Update the version in package.json
  2. Create and push a tag:
    git tag v1.0.1
git push origin v1.0.1
  3. Automatic publishing: GitLab CI/CD will automatically run and publish to npm

CI/CD Pipeline

The GitLab CI/CD pipeline includes:

  • Test Stage: Runs tests on all branches and merge requests
  • Build Stage: Prepares the package for publishing (tags only)
  • Publish Stage: Publishes to npm using trusted publishing (tags only)
  • Security Audit: Checks for vulnerabilities
  • Dry Run: Tests publishing process on merge requests

Pipeline Triggers

  • All branches: Test and security audit
  • Merge Requests: Test, security audit, and dry run publish
  • Version tags (e.g., v1.0.0): Full pipeline including publish

Security Best Practices

This package implements several security best practices:

  1. Trusted Publishing: Uses OIDC tokens instead of long-lived npm tokens
  2. Automatic Provenance: npm automatically generates provenance attestations
  3. Restricted Publishing: Consider enabling "Require two-factor authentication and disallow tokens" in npm settings
  4. Version Tags: Publishing only triggered by semantic version tags
  5. Audit Checks: Automated security vulnerability scanning

Local Development

Setup

# Clone the repository
git clone https://gitlab.com/your-username/test-npm-package.git
cd test-npm-package

# Install dependencies
npm install

# Run tests
npm test

# Test publishing (dry run)
npm publish --dry-run

Testing

# Run all tests
npm test

# Manual testing
node test/test.js

File Structure

test-npm-package/
├── .gitlab-ci.yml          # GitLab CI/CD configuration
├── .npmignore              # Files to exclude from npm package
├── package.json            # Package configuration
├── index.js                # Main package file
├── test/
│   └── test.js            # Test suite
└── README.md              # This file

Troubleshooting

Common Issues

  1. "Unable to authenticate" error:

    • Verify the workflow filename matches exactly (.gitlab-ci.yml)
    • Ensure you're using GitLab.com shared runners (not self-hosted)
    • Check that the namespace and project name are correct in npm settings

  2. Publishing not triggered:

    • Ensure your tag follows semantic versioning (e.g., v1.0.0)
    • Check that the tag was pushed to GitLab: git push origin v1.0.0

  3. Tests failing:

    • Run tests locally: npm test
    • Check for syntax errors: node index.js

Verification

After successful publishing, verify:

  1. Package appears on npmjs.com
  2. Provenance badge is visible on the package page
  3. Package can be installed: npm install @your-username/test-npm-package

Additional Resources

License

MIT and make it your own. Want to make it easy? Use the template at the bottom!

Add your files

cd existing_repo
git remote add origin https://gitlab.com/eugenejahnjahn/npm-test.git
git branch -M main
git push -uf origin main

Integrate with your tools

Collaborate with your team

Test and Deploy

Use the built-in continuous integration in GitLab.

Editing this README

When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thanks to makeareadme.com for this template.

Suggestions for a good README

Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.

Name

Choose a self-explaining name for your project.

Description

Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.

Badges

On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.

Visuals

Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.

Installation

Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.

Usage

Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.

Support

Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.

Roadmap

If you have ideas for releases in the future, it is a good idea to list them in the README.

Contributing

State if you are open to contributions and what your requirements are for accepting them.

For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.

You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.

Authors and acknowledgment

Show your appreciation to those who have contributed to the project.

License

For open source projects, say how it is licensed.

Project status

If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.