Closed tusharmath closed 8 years ago
Ping @rtfeldman
So I started setting up semantic-release and it wants my npm username and password. I'm not comfortable providing those. Know of any way around that requirement?
I can understand, so you basically need to configure two env variables — NPM_TOKEN
& GH_TOKEN
in your travis build.
NPM_TOKEN
would be available at ~/.npmrc
.GH_TOKEN
can be created here — https://github.com/settings/tokensHm, the thing I'm not comfortable with is giving away access to my npm account. I didn't realize this entailed that, to be honest. Is there no way around that?
Take a look at this link — https://www.npmjs.com/settings/tokens
When you log into npm via the Command Line Interface (CLI), we create a unique identifier that we give to your computer, which is stored in your .npmrc file. The token gives your CLI the ability to do things like publish and unpublish packages, and manage owners and teams. You can share tokens with, for example, CI systems to allow them to download and publish your packages.
@rtfeldman Let me know if you need something else from me.
@tusharmath sorry I didn't follow up about this, but unfortunately this is still a deal-breaker for me:
The token gives your CLI the ability to do things like publish and unpublish packages, and manage owners and teams.
I'm like the idea of auto-generating changelogs, but I'm not willing to give this level of permission to a third-party tool for that convenience.
I really, really appreciate your work on this, but I don't think I'm going to be able to finish the steps necessary for this to happen.