Package Publisher
CautionAutomate npm/PyPI package publishing with semantic versioning, changelog generation, CI/CD release pipelines, and provenance attestation.
$ Copy the SKILL.md file to .claude/skills/package-publisher.md About This Skill
Package Publisher automates the entire release lifecycle for npm and PyPI packages, from version bumping to registry publishing with cryptographic provenance.
Semantic Versioning
Integrates semantic-release (npm) or python-semantic-release (PyPI) to automatically determine the next version from conventional commits. `fix:` bumps patch, `feat:` bumps minor, `feat!:` or `BREAKING CHANGE:` bumps major.
npm Publishing
- Generates `.releaserc.json` with plugins: commit-analyzer, release-notes-generator, changelog, npm, git, github
- Publishes with `--provenance` flag for npm v9+ supply chain attestation
- Supports scoped packages and dist-tags (alpha/beta/latest)
- Dual CJS+ESM builds with package.json `exports` map
PyPI Publishing
- Uses OIDC trusted publisher (no API token needed) with `pypa/gh-action-pypi-publish`
- Generates `pyproject.toml` with hatchling build backend
- Publishes to TestPyPI on PRs, production PyPI on main branch
Changelog
Keeps CHANGELOG.md in Keep a Changelog format, auto-updated on each release. Includes GitHub release notes with contributor attribution.
Pre-release Channels
Configures `next` branch for beta releases and `alpha` branch for canary releases, each publishing to their respective dist-tags.
Use Cases
- Setting up semantic-release for fully automated npm package publishing
- Configuring PyPI publishing with trusted publishers (OIDC, no secrets)
- Generating CHANGELOG.md from conventional commit messages
- Adding npm provenance attestation for supply chain security
Pros & Cons
Pros
- +Fully automated releases triggered by conventional commits
- +PyPI OIDC trusted publisher eliminates long-lived secrets
- +npm provenance attestation improves supply chain security
- +Changelog and GitHub releases generated automatically
Cons
- -Conventional commit discipline required from all contributors
- -Initial registry setup (npm org, PyPI trusted publisher) is a manual one-time step
Related AI Tools
GitHub Copilot
AI pair programmer that suggests code in real time across your IDE
- Real-time code completions across 30+ languages
- Copilot Chat for natural language code Q&A
- Pull request description and summary generation
Claude Code
Anthropic's agentic CLI for autonomous terminal-native coding workflows
- Terminal-native autonomous coding agent
- Full file system and shell access for multi-step tasks
- Deep codebase understanding via repository indexing
Warp
AI-native terminal with natural language command generation and debugging
- Natural language to shell command generation
- AI-powered command explanation and debugging
- Block-based terminal output organization
Related Skills
GitHub Actions
Creates and optimizes GitHub Actions workflows for CI/CD pipelines, automated testing, deployment, release management, and repository automation.
CI/CD Pipeline Builder
Configure CI/CD pipelines for GitHub Actions, GitLab CI, and other platforms with testing, building, and deployment stages.
Changelog Generator
Release notes agent that reads git history, groups commits by type, and produces formatted changelogs following Keep a Changelog conventions.
FAQ
What does Package Publisher do?
What platforms support Package Publisher?
What are the use cases for Package Publisher?
What tools work with Package Publisher?
100+ free AI tools
Writing, PDF, image, and developer tools — all in your browser.
Next Step
Use the skill detail page to evaluate fit and install steps. For a direct browser workflow, move into a focused tool route instead of staying in broader support surfaces.