Skip to content

docs(release): document the npm wrapper publish step in the v1.0.0 checklist#36

Merged
dipto0321 merged 1 commit into
mainfrom
chore/release/npm-publish-checklist
Jul 1, 2026
Merged

docs(release): document the npm wrapper publish step in the v1.0.0 checklist#36
dipto0321 merged 1 commit into
mainfrom
chore/release/npm-publish-checklist

Conversation

@dipto0321

Copy link
Copy Markdown
Owner

Summary

Adds the npm-publish step to docs/release-checklist.md's post-tag
section, with the prerequisites, the exact commands, and a note on
automating later. Tracks the manual work in #35 — it's a release-time
step, not a code PR, so it doesn't block any of the open issues.

The wrapper source itself shipped in #34 (nodeup-npm/ in the
repo). What this PR adds is the human-side checklist for
shipping it to npmjs.com.

Linked issues

Refs #35 (tracking issue for the manual publish step at v1.0.0 cut)

Type of change

  • feat — new feature (MINOR bump)
  • fix — bug fix (PATCH bump)
  • refactor — no behavior change
  • docs — documentation only
  • chore — maintenance / dependency bump
  • ci — CI/CD only
  • build — build system only
  • Breaking change (MAJOR bump) — explain below

Checklist

  • Title follows Conventional Commits (docs(release): subject)
  • I ran make ci locally — docs-only, no code change
  • I added or updated tests for the change — N/A, docs only
  • I updated relevant docs (this PR IS the doc update)
  • No new linter warnings

Scope notes / things reviewers may want to look at

  • Pre-flight validated. Ran npm pack --dry-run from
    nodeup-npm/ after the chore(release): ship npm wrapper and install-method guidance #34 merge and confirmed the tarball ships
    exactly the 5 expected files: LICENSE, README.md,
    package.json, scripts/check.js, scripts/install.js. Total
    unpacked 14.3 kB. The .npmignore is doing its job — no bin/,
    no .npmignore itself, no node_modules.
  • Why "don't automate the first publish." Two reasons:
    1. The npm package name nodeup has to be claimed on npmjs.com
      before any publish can succeed, and that claim is a one-time
      manual step in the npm UI.
    2. The first npm publish against a 2FA-enabled account is the
      moment to sanity-check what you're shipping — once you've got
      the workflow trust chain, automation is fine, but the first
      click is best done by hand.
  • OTP behavior. Documented the flow: npm login doesn't ask
    for OTP, but npm publish does. Keep the authenticator open.

Screenshots / output

$ npm pack --dry-run
npm notice 📦  nodeup@1.0.0
npm notice Tarball Contents
npm notice 1.1kB LICENSE
npm notice 3.4kB README.md
npm notice 940B package.json
npm notice 1.9kB scripts/check.js
npm notice 6.9kB scripts/install.js
npm notice total files: 5

…ecklist

Fills the gap left after #34 shipped the wrapper source into
nodeup-npm/. The wrapper now exists on a clean install-from-tarball
path, but publishing it to the npmjs.com registry is a manual step
that's distinct from the GitHub release flow:

- npmjs.com account + 2FA (authenticator mode) prereq
- the v1.0.0 GitHub release has to exist before `npm publish`,
  because scripts/install.js fetches from the matching tag
- the publish flow with OTP prompt and a `npm pack --dry-run`
  pre-flight to confirm only the 5 expected files ship
- a note on automating later via NPM_TOKEN, after the first manual
  publish has confirmed the account + package name wiring

Tracking issue: #35.

Co-Authored-By: Sonnet 4.6 <noreply@puku.sh>
@cocogitto-bot

cocogitto-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

✔️ 29c7105 - Conventional commits check succeeded.

@dipto0321 dipto0321 merged commit 95370ac into main Jul 1, 2026
10 checks passed
@dipto0321 dipto0321 deleted the chore/release/npm-publish-checklist branch July 1, 2026 19:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant