Package Publisher
Caution
Automate npm/PyPI package publishing with semantic versioning, changelog generation, CI/CD release pipelines, and provenance attestation.
Install
Claude Code
Copy the SKILL.md file to `.claude/skills/package-publisher.md`
About This Skill
Package Publisher automates the entire release lifecycle for npm and PyPI packages, from version bumping to registry publishing with cryptographic provenance.
Semantic Versioning
Integrates semantic-release (npm) or python-semantic-release (PyPI) to automatically determine the next version from conventional commits. `fix:` bumps patch, `feat:` bumps minor, `feat!:` or `BREAKING CHANGE:` bumps major.
npm Publishing
- Generates `.releaserc.json` with plugins: commit-analyzer, release-notes-generator, changelog, npm, git, github
- Publishes with `--provenance` flag for npm v9+ supply chain attestation
- Supports scoped packages and dist-tags (alpha/beta/latest)
- Dual CJS+ESM builds with package.json `exports` map
PyPI Publishing
- Uses OIDC trusted publisher (no API token needed) with `pypa/gh-action-pypi-publish`
- Generates `pyproject.toml` with hatchling build backend
- Publishes to TestPyPI on PRs, production PyPI on main branch
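The PyPI flow listed above, sketched as a GitHub Actions workflow. This is an added example, not output generated by the skill. The workflow file name and job names are assumptions, and it presumes a trusted publisher has already been registered for this repository and workflow on both PyPI and TestPyPI.

```yaml
# Added example. Assumed path: .github/workflows/publish.yml (hypothetical name).
name: publish
on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read              # workflow default: read-only GITHUB_TOKEN

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      # Builds sdist and wheel using the backend declared in pyproject.toml (hatchling).
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      id-token: write         # only this job may request an OIDC token; no API token secret exists
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # Pull requests go to TestPyPI.
      - if: github.event_name == 'pull_request'
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
      # Pushes to main go to production PyPI (the action's default index).
      - if: github.event_name == 'push'
        uses: pypa/gh-action-pypi-publish@release/v1
```

Keeping `id-token: write` on the publish job alone means the build steps, which run project and dependency code, cannot mint a publishing credential. Pull requests from forks are not granted `id-token: write`, so the TestPyPI step only succeeds for branches in the same repository.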
Changelog
Keeps CHANGELOG.md in Keep a Changelog format, auto-updated on each release. Includes GitHub release notes with contributor attribution.
Pre-release Channels
Configures `next` branch for beta releases and `alpha` branch for canary releases, each publishing to their respective dist-tags.
Use Cases
- Setting up semantic-release for fully automated npm package publishing
- Configuring PyPI publishing with trusted publishers (OIDC, no secrets)
- Generating CHANGELOG.md from conventional commit messages
- Adding npm provenance attestation for supply chain security
Pros & Cons
Pros
- Fully automated releases triggered by conventional commits
- PyPI OIDC trusted publisher eliminates long-lived secrets
- npm provenance attestation improves supply chain security
- Changelog and GitHub releases generated automatically
Cons
- Conventional commit discipline required from all contributors
- Initial registry setup (npm org, PyPI trusted publisher) is a manual one-time step
Related AI Tools
GitHub Copilot
Freemium
AI pair programmer that suggests code in real time across your IDE
- Real-time code completions across 30+ languages
- Copilot Chat for natural language code Q&A
- Pull request description and summary generation
Claude Code
Paid
Anthropic's agentic CLI for autonomous terminal-native coding workflows
- Terminal-native autonomous coding agent
- Full file system and shell access for multi-step tasks
- Deep codebase understanding via repository indexing
Warp
Freemium
AI-native terminal with natural language command generation and debugging
- Natural language to shell command generation
- AI-powered command explanation and debugging
- Block-based terminal output organization
Related Skills
GitHub Actions
Caution
Creates and optimizes GitHub Actions workflows for CI/CD pipelines, automated testing, deployment, release management, and repository automation.
CI/CD Pipeline Builder
Caution
Configure CI/CD pipelines for GitHub Actions, GitLab CI, and other platforms with testing, building, and deployment stages.
Changelog Generator
Caution
Release notes agent that reads git history, groups commits by type, and produces formatted changelogs following Keep a Changelog conventions.