npm
:ship: semantic-release plugin to publish a npm package
I have configured `semantic-release/npm` with `pkgRoot = './dist'`. On CI/CD the command is `npx -w my-package semantic-release`. CI run 28 Logs: ``` [1:20:01 PM] [semantic-release] [@semantic-release/git] › ℹ Prepared Git release:...
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [got](https://togithub.com/sindresorhus/got) | [`11.8.5` -> `12.3.0`](https://renovatebot.com/diffs/npm/got/11.8.5/12.3.0) | [](https://docs.renovatebot.com/merge-confidence/)...
* See https://github.com/advisories/GHSA-hj9c-8jmm-8c52 * Our team was made aware of that vulnerability by `yarn audit`, it does not show up in our dependabot alerts, which may be why it has...
## The issue I use [pnpm](https://pnpm.js.org/) for monorepo management and semantic-release for publishing new releases. [pnpm supports `workspace:` protocol](https://pnpm.js.org/en/workspaces#workspace-ranges-workspace) in package.json, so the packages in monorepo can be always linked...
Bumps [terser](https://github.com/terser/terser) from 5.13.1 to 5.14.2. Changelog Sourced from terser's changelog. v5.14.2 Security fix for RegExps that should not be evaluated (regexp DDOS) Source maps improvements (#1211) Performance improvements in...
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [xo](https://togithub.com/xojs/xo) | [`0.36.1` -> `0.39.1`](https://renovatebot.com/diffs/npm/xo/0.36.1/0.39.1) | [](https://docs.renovatebot.com/merge-confidence/)...
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [ava](https://avajs.dev) ([source](https://togithub.com/avajs/ava)) | [`4.2.0` -> `4.3.1`](https://renovatebot.com/diffs/npm/ava/4.2.0/4.3.1) |...
closes #434 relates #270 alternative #445 https://github.com/semantic-release/npm/issues/434#issuecomment-999870524 > Suggestion: remove npm dependency. I [still believe](https://github.com/semantic-release/npm/pull/270) that the plugin always invokes global `npm`, so this dependency is completely useless. > >...
``` { "branches": [ "master" ], "plugins": [ "@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator", "@semantic-release/changelog", [ "@semantic-release/npm", { "pkgRoot": "dist", "npmPublish": false } ], [ "@semantic-release/gitlab", { "assets": [ "dist/**" ] } ], [...
semantic-release/npm version 9.0.1 is locked into: ``` "peerDependencies": { "semantic-release": ">=19.0.0" } ``` This version has a known vulnerability -> https://github.ibm.com/advisories/GHSA-x2pg-mjhr-2m5x Proposal: Upgrade semantic-release to version 19.0.3 or later and...