🚀 A tiny CLI to assist with setting up GitHub workflows for publishing packages to npm.
npm install -g @e18e/setup-publishOr you can use npx:
npx @e18e/setup-publish# If installed globally
setup-publish
# Or using npx
npx @e18e/setup-publish- Granular permissions - Each workflow step has minimal required permissions
- SHA-pinned actions - GitHub actions referenced by commit SHA for security
- Install scripts disabled - Prevents malicious package install scripts from running
- Separated jobs - Build and publish run as independent jobs for better isolation
- Secure publish - Publish job only uploads pre-built artifacts, no external code execution
By default, the CLI runs in interactive mode, prompting you for configuration options. You can also provide options directly via the command line with --no-interactive to skip the prompts entirely.
| Option | Description | Default | Available Values |
|---|---|---|---|
--output <path> |
Output path for the generated workflow file | .github/workflows/publish.yml |
Any valid file path |
--template <name> |
Template to use for workflow generation | default |
|
--env <env> |
GitHub environment for deployment protection | none | Any environment name |
--interactive |
Run CLI in interactive mode | true |
boolean |
setup-publish# Generate workflow with changesets template
setup-publish --no-interactive --template changesets
# Custom output path with GitHub environment
setup-publish --no-interactive --output .github/workflows/release.yml --env production
# Use changelogithub template with custom environment
setup-publish --no-interactive --template changelogithub --env stagingManual GitHub release management - this is the most baic setup, allowing you to create releases manually via GitHub's interface.
Automated changelog generation using changelogithub - ideal for projects following conventional commits.
Automated releases with changesets - great for monorepos and coordinated releases.
MIT