Stats
Actions
Tags
From typescript-plugin
Configures package.json for publishing Bun-built npm packages, packages CLI binaries, enables provenance signing, and sets up release automation. Useful for Bun-to-npm publishing workflows.
How this skill is triggered — by the user, by Claude, or both
Slash command
/typescript-plugin:bun-publishinghaikuThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Publishing npm packages built with Bun:
Publishing npm packages built with Bun:
{
"name": "@org/package-name",
"version": "1.0.0",
"description": "Package description",
"main": "build/index.js",
"type": "module",
"publishConfig": {
"access": "public"
},
"files": [
"build/",
"README.md",
"LICENSE"
],
"scripts": {
"build": "tsc && chmod +x build/index.js",
"prepublishOnly": "bun run build"
},
"engines": {
"node": ">=20.0.0",
"bun": ">=1.0.0"
}
}
| Field | Purpose |
|---|---|
publishConfig.access | public required for scoped packages |
files | Whitelist of files/dirs to include in tarball |
main | Entry point for CommonJS/ES import |
type | module for ESM, commonjs for CJS |
engines | Runtime version requirements |
prepublishOnly | Runs before npm publish |
Scoped packages (@org/name) require explicit public access:
{
"name": "@myorg/mypackage",
"publishConfig": {
"access": "public"
}
}
Or use the CLI flag:
npm publish --access public
{
"bin": {
"mycli": "build/index.js"
}
}
For single-command packages:
{
"bin": "build/index.js"
}
Entry point requires shebang and executable permission:
#!/usr/bin/env node
// build/index.js
import { main } from "./main.js";
main();
Build script must set permissions:
{
"scripts": {
"build": "tsc && chmod +x build/index.js"
}
}
build-prod:
rm -rf build
tsc --declaration --sourceMap
chmod +x build/index.js
publish: build-prod
npm publish --access public
# Standard publish (runs prepublishOnly)
npm publish
# Scoped package (requires --access public)
npm publish --access public
# Dry run to verify contents
npm publish --dry-run
# View what would be published
npm pack --dry-run
Supply chain security via npm provenance:
npm publish --provenance --access public
Requires:
id-token: write permission in workflow{
"files": [
"build/",
"README.md",
"LICENSE"
]
}
| Include | Examples |
|---|---|
| Build output | build/, dist/ |
| Type definitions | *.d.ts (usually in build) |
| Documentation | README.md, LICENSE |
| Config scripts | User-facing setup scripts |
Already excluded by npm (no need to list):
node_modules/.git/.env**.logExplicitly exclude via .npmignore if needed:
src/
tests/
*.test.ts
.github/
.github/workflows/release-please.yml:
name: Release Please
on:
push:
branches: [main]
permissions:
contents: write
pull-requests: write
id-token: write
jobs:
release-please:
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release.outputs.release_created }}
steps:
- uses: google-github-actions/release-please-action@v4
id: release
with:
release-type: node
package-name: mypackage
publish:
needs: release-please
if: ${{ needs.release-please.outputs.release_created == 'true' }}
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 24
registry-url: https://registry.npmjs.org
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- run: bun install --frozen-lockfile
- run: bun run build
- run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
| Commit Type | Version Bump |
|---|---|
feat: | Minor (1.x.0) |
fix: | Patch (1.0.x) |
feat!: or BREAKING CHANGE: | Major (x.0.0) |
chore:, docs:, refactor: | No bump |
{
"scripts": {
"prepublishOnly": "bun run build"
}
}
# Type check
bun run tsc --noEmit
# Lint
bun run check
# Test
bun test
# Build
bun run build
# Verify tarball contents
npm pack --dry-run
Complete metadata for npm and GitHub:
{
"repository": {
"type": "git",
"url": "https://github.com/org/repo.git"
},
"homepage": "https://github.com/org/repo#readme",
"bugs": {
"url": "https://github.com/org/repo/issues"
},
"keywords": ["keyword1", "keyword2"],
"author": "Name <email>",
"license": "MIT"
}
| Context | Command |
|---|---|
| Preview tarball | npm pack --dry-run |
| Preview publish | npm publish --dry-run |
| Scoped publish | npm publish --access public |
| Provenance | npm publish --provenance --access public |
| Check outdated | npm outdated |
| View package | npm view @org/pkg |
| Flag | Description |
|---|---|
--access public | Required for scoped packages |
--provenance | Enable supply chain provenance |
--dry-run | Preview without publishing |
--tag <tag> | Publish with dist-tag (e.g., beta) |
| Script | When It Runs |
|---|---|
prepublish | Before pack and publish (deprecated) |
prepublishOnly | Before publish only |
prepack | Before pack and publish |
postpack | After pack |
postpublish | After publish |
| Variable | Purpose |
|---|---|
NODE_AUTH_TOKEN | npm authentication |
NPM_TOKEN | Alternative npm token name |
Scoped package 402 error:
# Add --access public for scoped packages
npm publish --access public
Missing files in tarball:
# Check what's included
npm pack --dry-run
# Verify files array in package.json
Binary not executable after install:
# Ensure shebang in entry point
#!/usr/bin/env node
# Ensure chmod in build script
chmod +x build/index.js
npx claudepluginhub laurigates/claude-plugins --plugin typescript-pluginPublishes packages to npm registry after Bun build, with type checking, tarball verification, dry-run previews, scoped access handling, provenance signing, and post-publish details.
Automates npm package publishing with version bumping, changelog updates, git push, and automatic token rotation via agent-browser when auth expires.
配置 npm 包通过 GitHub Actions 自动发布到 npmjs.com。使用 OIDC Trusted Publishing(无需 npm token)。 当用户提到"发布 npm"、"npm publish"、"配置 npm 自动发布"、"npm 包发布"、"设置 npm CI/CD"、 "把包发到 npm"、"npm trusted publishing"、"OIDC 发布"时使用此技能。 也适用于用户已有项目想添加 npm 自动发布流程的场景,或者 npm publish 失败需要排查的场景。