Skip to content

chore(release): ship npm wrapper and install-method guidance#34

Merged
dipto0321 merged 1 commit into
mainfrom
chore/release/nodeup-npm-wrapper
Jul 1, 2026
Merged

chore(release): ship npm wrapper and install-method guidance#34
dipto0321 merged 1 commit into
mainfrom
chore/release/nodeup-npm-wrapper

Conversation

@dipto0321

Copy link
Copy Markdown
Owner

Summary

Adds nodeup-npm/, the pinned-version npm distribution channel that
closes the remaining piece of Phase 7 (issue #17). The wrapper is a
thin downloader:

  • scripts/check.js — preinstall platform/arch matrix check
    (matches GoReleaser's archive naming; fails fast on
    freebsd/openbsd/ia32/arm/ppc64/s390x)
  • scripts/install.js — postinstall downloader that fetches the
    matching static Go binary from the GitHub release tagged by
    binaryVersion in package.json
  • package.json — pins binaryVersion: "1.0.0"; the wrapper and
    binary move together, bumped in the same PR
  • LICENSE, README.md, .npmignore — supporting files for the
    wrapper itself

Pinned-version style was chosen over fetching latest so that
npm install is reproducible (same package version → same binary
version) and so npm update -g nodeup never produces a surprise
major-version bump from a fresh latest tag.

Also reworks the README.md Installation section and
docs/installation.md with a who-should-use-which matrix. Each
channel now spells out the persona it fits and the tradeoffs —
especially the npm wrapper's Node-coupling and one-release lag, which
make Homebrew/Scoop/direct-binary the better fit for nvm/fnm/
Volta users.

Linked issues

Closes #17

Type of change

  • feat — new feature (MINOR bump)
  • fix — bug fix (PATCH bump)
  • refactor — no behavior change
  • docs — documentation only
  • chore — maintenance / dependency bump
  • chore — release / distribution channel
  • ci — CI/CD only
  • build — build system only
  • Breaking change (MAJOR bump) — explain below

Checklist

  • Title follows Conventional Commits (chore(release): subject)
  • I ran make ci locally (build + test + vet pass; golangci-lint
    v2.12.2 on this dev box doesn't accept the older output.formats
    map shape in .golangci.yml — that's a pre-existing local-env
    mismatch unrelated to this PR; CI pins the right version)
  • I added or updated tests for the change — N/A, the wrapper is
    JS scripts under nodeup-npm/; integration is covered by the
    first npm-publish smoke test in the release checklist
  • I updated relevant docs (README, docs/installation.md,
    nodeup-npm/README.md)
  • No new linter warnings (the pre-existing one isn't new)
  • If breaking: I documented the migration path in the PR body and updated CHANGELOG.md — N/A, not breaking

Scope notes / things reviewers may want to look at

  • Phase 7 status. This closes the npm-wrapper arm of chore(release): finalize GoReleaser config and npm wrapper #17.
    homebrew-tap and scoop-bucket secrets are already wired up
    (issue chore(release): finalize GoReleaser config and npm wrapper #17's secret checklist). What's still open after this PR:
    • The .goreleaser.yaml brews: / scoops: blocks (if not
      already present — I didn't audit .goreleaser.yaml in this PR).
    • The first v1.0.0 tag push + cross-platform smoke tests.
    • nodeup-npm actually being published to the npm registry
      (npm publish from nodeup-npm/ after npm login).
  • No new tests. The wrapper scripts (check.js, install.js)
    are intentionally small and self-contained — the failure modes
    (HTTP errors, missing binaries, platform mismatch) are exercised
    by the first npm install -g nodeup smoke test, not unit tests.
    Adding a fake-HTTP Mocha suite would test the install script
    against a mocked GitHub but not the real release pipeline, which
    is what we actually care about.
  • .npmignore. Excludes bin/ (populated at install time by
    install.js) and the local dev scratch under nodeup-npm/. The
    published tarball is exactly: scripts/install.js,
    scripts/check.js, README.md, LICENSE, plus the auto-derived
    package.json.
  • Doc audit, not a doc rewrite. Both README.md and
    docs/installation.md had a flat list of channels with copy-paste
    install commands. They now have a comparison matrix + per-channel
    "who this is for / tradeoffs" sections. The deeper doc
    (docs/installation.md) also gets a "pick once and stick" footer
    to discourage mixing channels.

Screenshots / output

N/A — distribution-channel change, no user-visible UI.

How to verify locally

# 1. validate the wrapper scripts parse + behave on this platform
node -c nodeup-npm/scripts/install.js
node -c nodeup-npm/scripts/check.js
node nodeup-npm/scripts/check.js   # exits 0 on supported platform

# 2. inspect what `npm publish` would actually ship
cd nodeup-npm && npm pack --dry-run && cd ..

Real end-to-end verification (npm install -g nodeup) requires the
first v1.0.0 release tag to exist on GitHub — that's still in the
release checklist.

Adds nodeup-npm/, the pinned-version npm distribution channel
that's the remaining piece of Phase 7 (issue #17). The wrapper is a
thin downloader: scripts/check.js validates the OS/arch matrix at
preinstall time, scripts/install.js downloads the static Go binary
matching package.json's binaryVersion field at postinstall time.

Pinned-version design (rather than fetching "latest") so the wrapper
and the Go binary move together - bumped in the same PR, tested
together, shipped together.

Also reworks the Installation section of the README and
docs/installation.md with a who-should-use-which matrix. Each
channel now states the persona it fits (Homebrew user, Scoop user,
npm-globals user, locked-down env, contributor) and the tradeoffs
(especially the npm wrapper's Node-coupling and one-release lag).

Co-Authored-By: Sonnet 4.6 <noreply@puku.sh>
@cocogitto-bot

cocogitto-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

✔️ f5cead7 - Conventional commits check succeeded.

@dipto0321 dipto0321 merged commit 0b62c6f into main Jul 1, 2026
10 checks passed
@dipto0321 dipto0321 deleted the chore/release/nodeup-npm-wrapper branch July 1, 2026 19:51
dipto0321 added a commit that referenced this pull request Jul 1, 2026
…ecklist (#36)

Fills the gap left after #34 shipped the wrapper source into
nodeup-npm/. The wrapper now exists on a clean install-from-tarball
path, but publishing it to the npmjs.com registry is a manual step
that's distinct from the GitHub release flow:

- npmjs.com account + 2FA (authenticator mode) prereq
- the v1.0.0 GitHub release has to exist before `npm publish`,
  because scripts/install.js fetches from the matching tag
- the publish flow with OTP prompt and a `npm pack --dry-run`
  pre-flight to confirm only the 5 expected files ship
- a note on automating later via NPM_TOKEN, after the first manual
  publish has confirmed the account + package name wiring

Tracking issue: #35.

Co-authored-by: dipto0321 <dipto@local>
Co-authored-by: Sonnet 4.6 <noreply@puku.sh>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

chore(release): finalize GoReleaser config and npm wrapper

1 participant