You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First off, thank you for all the work, this tool is great and has saved me a bunch of time. However, I've now published several (new) private packages as public inadvertently, and it was driving me crazy.
I ran a few test cases below and found that in most cases release-it behaves as you would expect, except for the minimum config (case 2). Scoped packages are by published publicly by default, as opposed to npm's behavior which leaves them private. This is even more confusing as the documentation suggests that scoped packages will remain private unless declared public -- from the docs below:
A scoped package (e.g. @user/package) is either public or private. To publish scoped packages, make sure this is in package.json:
{
"publishConfig": {
"access": "public"
}
}
By default, npm publish will publish a scoped package as private (requires paid account).
This behavior was introduced by this commit, which suggests this may have been intentional -- however, if a package is marked private then release-it won't publish it to NPM in the first place.
I'm proposing that the behavior should be the following:
If access is set, use access to determine public vs private
If not set, default to the behavior of NPM as this is least surprising.
Thanks @mothershipper! I have simply deprecated the npm.access option, as (not) setting this in package.json is recommended in any case. Just released in v13.3.2. In the next major release I'll remove the option/implementation altogether.
Hi there,
First off, thank you for all the work, this tool is great and has saved me a bunch of time. However, I've now published several (new) private packages as public inadvertently, and it was driving me crazy.
I ran a few test cases below and found that in most cases release-it behaves as you would expect, except for the minimum config (case 2). Scoped packages are by published publicly by default, as opposed to npm's behavior which leaves them private. This is even more confusing as the documentation suggests that scoped packages will remain private unless declared public -- from the docs below:
This behavior was introduced by this commit, which suggests this may have been intentional -- however, if a package is marked
private
then release-it won't publish it to NPM in the first place.I'm proposing that the behavior should be the following:
access
is set, useaccess
to determine public vs privateI've opened a PR here: #630
Testing
Using this as my example
package.json
:Case 1 - NPM Publish
From the CLI
Case 2 - Bare Release-it Config
My
.release-it.json
:From the CLI
Case 3 - Release-it Config (access: restricted)
My
.release-it.json
:From the CLI
Case 4 - Package.json publishConfig
My
package.json
:My
.release-it.json
:From the CLI
The text was updated successfully, but these errors were encountered: