libnpmpublish

![npm version](https://npm.im/libnpmpublish)
![license](https://npm.im/libnpmpublish)
![CI - libnpmpublish](https://github.com/npm/cli/actions/workflows/ci-libnpmpublish.yml)

libnpmpublish is a Node.js
library for programmatically publishing and unpublishing npm packages. Give
it a manifest as an object and a tarball as a Buffer, and it'll put them on
the registry for you.

* Example
* Install
* API
* publish/unpublish opts
* publish()
* unpublish()

Example

``js const { publish, unpublish } = require('libnpmpublish')`

`Install`

$ npm install libnpmpublish

`$3`

#### opts for libnpmpublish commands

libnpmpublishusesnpm-registry-fetch. Most options are passed through directly to that library, so please refer to its ownopts documentationfor options that can be passed in.

A couple of options of note:

* opts.defaultTag- registers the published package with the given tag, defaults tolatest.

* opts.access- tells the registry whether this package should be published aspublic or restricted. Only applies to scoped packages. Defaults topublic.

* opts.token- can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.

* opts.provenance- when running in a supported CI environment, will trigger the generation of a signed provenance statement to be published alongside the package. Mutually exclusive with theprovenanceFile option.

* opts.provenanceFile- specifies the path to an externally-generated provenance statement to be published alongside the package. Mutually exclusive with theprovenanceoption. The specified file should be a Sigstore Bundle containing a DSSE-packaged provenance statement.

#### > libpub.publish(manifest, tarData, [opts]) -> Promise

Sends the package represented by the manifest and tarDatato the configured registry.

manifest should be the parsed package.jsonfor the package being published (which can also be the manifest pulled from a packument, a git repo, tarball, etc.)

tarData is a Buffer of the tarball being published.

If opts.npmVersion is passed in, it will be used as the _npmVersionfield in the outgoing packument. You may put your own user-agent string in there to identify your publishes.

If opts.algorithmsis passed in, it should be an array of hashing algorithms to generateintegrity hashes for. The default is ['sha512'], which means you end up withdist.integrity = 'sha512-deadbeefbadc0ffee'. Any algorithm supported by your current node version is allowed -- npm clients that do not support those algorithms will simply ignore the unsupported hashes.

##### Example

`js // note that pacote.manifest() and pacote.tarball() can also take // any spec that npm can install. a folder shown here, since that's // far and away the most common use case. const path = '/a/path/to/your/source/code' const pacote = require('pacote') // see: http://npm.im/pacote const manifest = await pacote.manifest(path) const tarData = await pacote.tarball(path) await libpub.publish(manifest, tarData, { npmVersion: 'my-pub-script@1.0.2', token: 'my-auth-token-here' }, opts) // Package has been published to the npm registry.`

#### > libpub.unpublish(spec, [opts]) -> Promise

Unpublishes specfrom the appropriate registry. The registry in question may have its own limitations on unpublishing.

specshould be either a string, or a validnpm-package-argparsed spec object. For legacy compatibility reasons, onlytag and versionspecs will work as expected.range specs will fail silently in most cases.

##### Example

`js await libpub.unpublish('lodash', { token: 'i-am-the-worst'}) // //lodashhas now been unpublished, along with all its versions``

libnpmpublish

![npm version](https://npm.im/libnpmpublish)
![license](https://npm.im/libnpmpublish)
![CI - libnpmpublish](https://github.com/npm/cli/actions/workflows/ci-libnpmpublish.yml)

* Example
* Install
* API
* publish/unpublish opts
* publish()
* unpublish()

Example

``js const { publish, unpublish } = require('libnpmpublish')`

`Install`

$ npm install libnpmpublish

`$3`

#### opts for libnpmpublish commands

libnpmpublishusesnpm-registry-fetch. Most options are passed through directly to that library, so please refer to its ownopts documentationfor options that can be passed in.

A couple of options of note:

* opts.defaultTag- registers the published package with the given tag, defaults tolatest.

* opts.access- tells the registry whether this package should be published aspublic or restricted. Only applies to scoped packages. Defaults topublic.

* opts.token- can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.

#### > libpub.publish(manifest, tarData, [opts]) -> Promise

Sends the package represented by the manifest and tarDatato the configured registry.

manifest should be the parsed package.jsonfor the package being published (which can also be the manifest pulled from a packument, a git repo, tarball, etc.)

tarData is a Buffer of the tarball being published.

If opts.npmVersion is passed in, it will be used as the _npmVersionfield in the outgoing packument. You may put your own user-agent string in there to identify your publishes.

##### Example

#### > libpub.unpublish(spec, [opts]) -> Promise

Unpublishes specfrom the appropriate registry. The registry in question may have its own limitations on unpublishing.

##### Example

`js await libpub.unpublish('lodash', { token: 'i-am-the-worst'}) // //lodashhas now been unpublished, along with all its versions``

libnpmpublish

Dist Tags

libnpmpublish

Table of Contents

Example

`Install`

`$3`

libnpmpublish

Dist Tags

libnpmpublish

Table of Contents

Example

`Install`

`$3`