Skip to content

Commit c6e8cec

Browse files
mcousmcous
committed
docs: add usage warning to steer folks to first-party tools
1 parent d9dc932 commit c6e8cec

File tree

1 file changed

+32
-1
lines changed

1 file changed

+32
-1
lines changed

README.md

Lines changed: 32 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
[![License](https://img.shields.io/npm/l/@jsdevtools/npm-publish.svg)](LICENSE)
77
[![Buy us a tree](https://img.shields.io/badge/Treeware-%F0%9F%8C%B3-lightgreen)](https://plant.treeware.earth/JS-DevTools/npm-publish)
88

9-
Publish packages to npm automatically in GitHub Actions by updating the version number.
9+
Publish packages to npm automatically in GitHub Actions whenever a change to your package's `version` field is detected.
1010

1111
- [Change log][releases]
1212
- [v3 to v4 migration guide](#v3-to-v4)
@@ -15,6 +15,37 @@ Publish packages to npm automatically in GitHub Actions by updating the version
1515

1616
[releases]: https://github.com/JS-DevTools/npm-publish/releases
1717

18+
## ⚠️ You probably don't need this!
19+
20+
This action automates a specific kind of continuous deployment to `npm`, where you want to publish whenever the `version` field in `package.json` changes on your `main` branch. If you prefer to publish on tags, or are using an alternative package manager like `pnpm`, you don't need this action! Simply configure `setup-node` with its `registry-url` option and call your package manager's `publish` command directly. This is more secure than relying on a third-party action like this one, and is more customizable.
21+
22+
```yaml
23+
# Publish to npm whenever a tag is pushed
24+
name: Publish to npm
25+
on:
26+
push:
27+
tags: v*
28+
jobs:
29+
build:
30+
runs-on: ubuntu-latest
31+
permissions:
32+
contents: read
33+
id-token: write
34+
steps:
35+
- uses: actions/checkout@v5
36+
- uses: actions/setup-node@v4
37+
with:
38+
node-version: "24"
39+
registry-url: "https://registry.npmjs.org"
40+
- run: npm ci
41+
- run: npm test
42+
- run: npm publish --provenance --ignore-scripts
43+
env:
44+
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
45+
```
46+
47+
See [GitHub's Node.js publishing guide](https://docs.github.com/en/actions/tutorials/publish-packages/publish-nodejs-packages) for more details and examples.
48+
1849
## Features
1950
2051
- 🧠 **Smart**

0 commit comments

Comments
 (0)