This repository contains various npm projects used to publish common utility code to a private npm registry.
This project contains a safe-publish.sh script that can be used to safely publish updates to packages. It contains a check for the correct scope in the name field of the corresponding package.json. It requires 1 argument which is the directory name of the project to publish. For example:
./safe-publish.sh auth0-client
NOTE: The script does depend on jq to be installed and in your PATH. This is a great program for filtering and editing JSON data so check it out if you haven't already.
Read more about preparing to publish in the following sections.
By default npm will publish to the public registry. However, we want to publish our packages with restricted access to a private npm registry. We override the default behavior by using a scoped package name in the package.json file (e.g. @my-private-repo/my-package-name). Therefore, it is extremely important to set the package name appropriately. For additional safety, you can specify the --access restricted option when publishing. Take a look at the documentation for the npm publish command for other options and publishing considerations.
To publish to a private registry you must first be added as a user and execute npm login at the command line. This will store an entry into the ~/.npmrc file with the registry name as a key and an authentication token as the value. You may already be logged in and can verify by running cat ~/.npmrc. You can learn more about the npmrc config file here.
Once properly authenticated and the package name is set with the appropriate scope (e.g. @my-private-repo), then you can publish by running the following command in the root directory of the project you want to publish (i.e. the directory containing the package.json file):
npm publish
By default the npm publish command tags the version with latest. This can be overriden with the --tag <tag> option of the publish command. Also, tags can be managed for a published package using the npm dist-tag command. To add a beta tag for example:
npm dist-tag add @my-private-repo/[email protected] beta
See the documentation for the npm dist-tag command for more information on adding, removing and listing tags.
You need not worry about overwriting a previouly published version. If you forget to change the version in the package.json file, the npm publish command will error indicating the version already exists.
In most, if not all cases, there is no reason to publish every file in an npm project directory. Examples include project files generated by IDEs, test files, code files that need to be preprocessed with TypeScript compiler or the like, etc. These can be ignored using either .gitignore or .npmignore.
Since .gitignore is specific to ignoring files that should not be stored in a git repository, it is recommended to use .npmignore for the purpose of ignoring files when publishing npm packages. If both files are present .npmignore is used. In a lot of cases this is necessary anyway. Testing or raw TypeScript files very much should be stored in source control and would be absent from .gitignore, but they are not necessary when publishing and would be found in .npmignore.