From bopen-tools
Automates npm package publishing with version bumping, changelog updates, git push, and automatic token rotation via agent-browser when auth expires.
Slash command
/bopen-tools:npm-publish
**NEVER ask the user for an OTP code.** Auth is handled by scripts + agent-browser.
NEVER run manual npm/bun commands like npm whoami, npm view, bun publish, or npm publish.
You MUST run these scripts. Do NOT skip steps.
bash ${SKILL_DIR}/scripts/preflight.sh
Handles deterministically: version check against npm registry, bump if needed (resets gaps), build, commit log output. Pass minor or major to override default patch bump.
Read the commit log from preflight output. If CHANGELOG.md exists, add entry at top matching existing format. If not, create one. Use the version from preflight output. Categorize: Breaking Changes, Added, Changed, Fixed, Security, Deprecated.
bash ${SKILL_DIR}/scripts/release.sh [--access public]
Commits, pushes, then calls publish.sh. If publish.sh outputs PUBLISH_SUCCESS — done, go to Step 4.
AUTH_FAILED
The agent must orchestrate token setup. Do NOT call setup-token.sh as one long command. Run it in two phases with user communication between them.
Phase 1 — Fill the form:
bash ${SKILL_DIR}/scripts/setup-token.sh fill
Status codes:
FORM_READY:<username> — form is filled in Chrome, proceed to tell user
NOT_LOGGED_IN — tell user: "Sign in to npmjs.com in Chrome, then I'll retry"
FORM_NOT_FOUND — tell user: "Could not find the token form. The page may have changed."
After getting FORM_READY, tell the user directly (not inside a bash command):
I've opened the npm token creation form in Chrome and filled it out (cli-publish, 7-day, read+write, all packages). Scroll down and click Generate token when ready.
Phase 2 — Capture the token:
bash ${SKILL_DIR}/scripts/setup-token.sh capture
This polls until the token appears on the page, clicks the Copy button, reads from clipboard, writes to ~/.npmrc, and clears clipboard. The token never appears in terminal output.
Status codes:
TOKEN_SAVED — success, retry publish
CAPTURE_TIMEOUT — tell user: "Could not capture token. Copy it from Chrome and I'll write it to ~/.npmrc"
After TOKEN_SAVED, retry publish:
bash ${SKILL_DIR}/scripts/publish.sh [--access public]
Tell user: "Complete the OTP checkbox in your browser if prompted."
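Phase 2 writes the captured token to ~/.npmrc without showing it in terminal output. One way to do that write safely, as an added example that is not the skill's own setup-token.sh: the helper name write_npm_token and the token character allowlist are assumptions, the token arrives on stdin so it never appears in argv, and the file is replaced atomically with mode 600.

```shell
#!/usr/bin/env bash
# Added example: store an npm token in an .npmrc without exposing it.
# write_npm_token is a hypothetical helper, not part of setup-token.sh.

REGISTRY_KEY='//registry.npmjs.org/:_authToken'

# Usage: <token source> | write_npm_token [path-to-npmrc]
# Reading from stdin keeps the token out of argv (visible in ps output)
# and out of shell history. Only the first input line is consumed.
write_npm_token() {
  local npmrc="${1:-$HOME/.npmrc}" token tmp dir
  IFS= read -r token || [ -n "$token" ] || {
    echo "no token on stdin" >&2; return 1; }

  # Assumption: npm tokens use only letters, digits, '_' and '-'.
  # Anything else (spaces, '=', control characters) is rejected so a bad
  # clipboard read cannot corrupt the file or add extra config keys.
  case "$token" in
    *[!A-Za-z0-9_-]*) echo "token rejected: unexpected characters" >&2
                      return 1 ;;
  esac

  dir="$(dirname "$npmrc")"
  # Temp file is created next to the target and private from the start,
  # then renamed into place so no reader sees a half-written file.
  tmp="$(umask 077; mktemp "$dir/.npmrc.XXXXXX")" || return 1

  # Keep every existing setting except an older token for this registry.
  if [ -f "$npmrc" ]; then
    grep -vF -- "${REGISTRY_KEY}=" "$npmrc" > "$tmp" || true
  fi
  printf '%s=%s\n' "$REGISTRY_KEY" "$token" >> "$tmp"

  chmod 600 "$tmp"          # owner read/write only
  mv -f "$tmp" "$npmrc"     # atomic replace on the same filesystem
  echo "TOKEN_SAVED"        # status only; the token is never printed
}
```
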
bash ${SKILL_DIR}/scripts/verify.sh <package-name> <version>
Run with run_in_background: true. Exponential backoff (5s, 10s, 20s, 40s, 60s).
Scripts output status codes. The agent interprets them and talks to the user. Script output is hidden inside collapsed bash commands — the user won't see it. All user-facing communication must be direct agent messages OUTSIDE of bash calls.
npx claudepluginhub b-open-io/claude-plugins --plugin bopen-tools