How to publish packages to NPM

Getting Started with NPM (as a developer)

If you haven't already set your NPM author info, now you should:

npm config set init.author.name "Your Name"
npm config set init.author.email "you@example.com"
npm config set init.author.url "https://yourblog.com"

npm config set init.version "1.0.0"
npm config set init.license "SEE LICENSE IN LICENSE"

npm adduser

Then create a package.json and publish it:

cd /path/to/your-project
npm init

# Bump the version number in package.json (and git tag) before each publish
# (npm also has `npm version major|minor|patch`)
npm version patch -m "an optional description"

npm publish --access=public ./

Tip: Use your @:

npmjs.org is pretty crowded these days, but every user (and organization) has a scope.
I recommend using it.

Your username: npm whoami
Your scope: @ + <your-username>
Your next package: @<username>/<packagename>
Example: @root/async-router

Tip: Check Dependencies:

# Note you may want to use one of these to make sure:
# 1. Your real dependencies are listed in package.json
# 2. Your development only dependencies are in the devDependencies section
# depcheck: https://www.npmjs.com/package/depcheck
# dependency-check: https://www.npmjs.com/package/dependency-check

Beta and Release versions

Typically if you publish something, it should be v1.0.0 (you won't run out of numbers, after all), but it should be at least 0.1.0.

npm config set init.version "1.0.0"

If you don't want something to install by default

npm publish ./ --tag beta

If you published a bugfix as v1.0.7 and need to set v1.1.3 back to latest

git checkout v1.0.7
npm publish ./
   
git checkout v1.1.3
npm dist-tag add foobar@1.1.3 latest

To remove a tag

npm dist-tag rm foobar beta
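
Publishing a backport moves `latest` to the older version, so a plain `npm install foobar` then resolves to a release without the newer fixes until the tag is repaired. The following check is an added example, not part of the original gist: it takes the JSON shape printed by `npm view <pkg> dist-tags versions --json` and returns the `npm dist-tag add` command needed. The function names and sample data are constructed, and it assumes `latest` should always name the highest stable release.

```javascript
// Added example (not from the original gist). `info` mirrors the JSON printed by
// `npm view <pkg> dist-tags versions --json`; the sample below is constructed.

// Split "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) return null; // not a valid semver string
  return { raw: v, nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Order two parsed versions by major, minor, patch (prerelease part ignored).
function compareCore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] - b.nums[i];
  }
  return 0;
}

// Assumption: `latest` should name the highest stable release, as in the
// v1.0.7 / v1.1.3 scenario above. Returns a list of { problem, fix }.
function auditLatestTag(name, info) {
  const stable = info.versions
    .map(parseVersion)
    .filter((v) => v !== null && v.pre === null)
    .sort(compareCore);
  if (stable.length === 0) return []; // nothing stable published yet
  const newest = stable[stable.length - 1].raw;
  const latest = (info['dist-tags'] || {}).latest;
  const fix = `npm dist-tag add ${name}@${newest} latest`;
  const parsed = latest ? parseVersion(latest) : null;
  if (!parsed) return [{ problem: 'latest tag is missing or not semver', fix }];
  if (parsed.pre !== null) {
    return [{ problem: `latest points at prerelease ${latest}`, fix }];
  }
  if (compareCore(parsed, stable[stable.length - 1]) < 0) {
    return [{ problem: `latest is ${latest} but ${newest} is published`, fix }];
  }
  return [];
}

// Constructed sample: 1.0.7 was published after 1.1.3, so it took over `latest`.
const sample = {
  'dist-tags': { latest: '1.0.7', beta: '1.2.0-beta.1' },
  versions: ['1.0.6', '1.1.2', '1.1.3', '1.2.0-beta.1', '1.0.7'],
};
console.log(auditLatestTag('foobar', sample));
```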

Private Packages

See The Vanilla DevOps Git Credentials & Private Packages Cheatsheet

Licensing (SPDX Identifiers)

If you don't know which license to choose, then pick MPL-2.0
(open source, but gives you legal protection against bad actors)

npm config set init.license "SEE LICENSE IN LICENSE"

Open Source:

  • Trademark & Brand Safe: MPL-2.0
  • Legally Open Source: Apache-2.0
  • Public Domain: CC0-1.0
  • MIT / ISC - you don't care (not great for CYA)

Dual License:

  • (<x> OR <y>)
  • (MPL-2.0 OR Apache-2.0)

Commercial:

  • SEE LICENSE IN <filename>
  • SEE LICENSE IN LICENSE

Appendix

Live Stream: Publishing @root/uuid to npm


Install Node + npm

If you haven't already installed node + npm, or you'd like the latest version:

macOS, Linux:

curl -fsS https://webinstall.dev/node | bash

Windows 10/11:

curl.exe -fsSA "MS" https://webinstall.dev/node | powershell

Other Resources

Check out my online course

If this helped you, and if you or someone you know is just getting into development, check out my upcoming online course:

Beyond Code Bootcamp
