With a package.json
in the current directory, release-it will let npm
bump the version in package.json
(and
package-lock.json
if present), and publish to the npm registry.
If there is a package.json
but it should be ignored and nothing should be published to npm, use --no-npm
or
"npm": false
in the release-it configuration.
To prevent issues later in the process, release-it first checks whether the npm registry is up, the user is authenticated with npm and is a collaborator for the current package.
Some instances of npm registries, such as Nexus, do not support npm ping
, npm whoami
and/or npm access
. If the
error is a E400
or E404
, release-it will give a warning but continue.
To skip these checks, use npm.skipChecks
.
To bump the version in package.json
with the release, but not publish to the registry:
{
"npm": {
"publish": false
}
}
In case there is a package.json
, but no npm-related tasks should be executed, use "npm": false
(or --no-npm
).
To ignore the version
from package.json
, (and use the latest Git tag instead):
{
"npm": {
"ignoreVersion": true
}
}
Or --npm.ignoreVersion
from the command line.
Use e.g. --npm.tag=beta
to tag the package in the npm repository. With the --preRelease=beta
shorthand, the npm
dist-tag will have the same value (unless --npm.tag
is used to override this). The default tag is "latest".
For a pre-release, the default tag is "next". The tag will be derived from the pre-release version (e.g. version
2.0.0-alpha.3
will result in tag "alpha"), unless overridden by setting npm.tag
.
A scoped package (e.g. @user/package
) is either public or private. By default,
npm publish
will publish a scoped package as private. Note that scoped packages require a paid account.
In order to publish a scoped package to the public registry, specify this at the root of package.json
:
{
"publishConfig": {
"access": "public"
}
}
The default value for private packages is "restricted"
.
In case two-factor authentication (2FA) is enabled for the package, release-it will ask for the one-time password (OTP).
The OTP can be provided from the command line (--npm.otp=123456
). However, providing the OTP without a prompt
basically defeats the purpose of 2FA (also, the OTP expires after a short period).
Use npm.publishPath
to publish only a specific folder. For example, set npm.publishPath
to "dist"
. The default
value is the current (root) folder ("."
).
Monorepos do not require extra configuration, but release-it handles only one package at a time. Also see how Git steps can be skipped. This is useful if, for instance, tagging the Git repo should be skipped.
For Yarn workspaces, see the release-it-yarn-workspaces plugin.
- Learn how to authenticate and publish from a CI/CD environment.
- The
"private": true
setting in package.json will be respected, andrelease-it
will skip this step. - Getting an
ENEEDAUTH
error while a manualnpm publish
works? Please see #95.