← Home

@semantic-release/npm

npm Repository Homepage

semantic-release plugin to publish a npm package

11
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

pvdlgsemantic-release-botgr2mtravi

Keywords

npmpublishregistrysemantic-releaseversion

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): semantic-release/npm uses GitHub Actions CI/CD with semantic-release for automated publishing; transition from semantic-release-bot to GitHub Actions is the expected workflow for this project. ai
phantom-deps phantom-dep:npm AI (phantom-deps): npm is a legitimate runtime dependency for this package — it wraps npm CLI functionality. Referenced in config files is expected behavior, not a phantom dep. ai

Versions (showing 11 of 111)

Version Deps Published
2.4.1 9 / 19
2.4.0 9 / 19
2.3.2 9 / 19
2.3.1 9 / 18
2.3.0 9 / 18
2.2.0 8 / 18
2.1.2 8 / 18
2.1.1 8 / 18
2.1.0 8 / 18
2.0.0 8 / 18
1.0.0 7 / 24