Open ironicnet opened 1 year ago
Currently the makePublishBody already has almost all the info we need.
We are calling the makePublishBody
from the publish command. So we should return that after the await and print it:
I can see a couple more information being useful, but not everything npm displays.
Unlike npm we also tend to differentiate between the output for humans vs the output for robots (--json
). Things like the shasum probably make more sense for the latter than the former.
That being said, name / version / tag name / publish registry are probably safe to show on the regular output - perhaps by reusing the new tree display we use in commands like yarn npm audit
(in 4.x).
Hi, wanted to chime in on another need for this functionality in case it's helpful.
We're looking to generate SLSA provenance for our packages published using the yarn npm publish
command. Since yarn doesn't support the --provenance
option that's available in npm, we'll need to generate provenance manually using the generic SLSA provenance generator with the shasum of the package.
However, yarn npm publish
packs the workspace and publishes the package in a single step, and that artifact isn't written anywhere locally, so we can't manually calculate the shasum for the generated package ourselves. It'd be incredibly useful if yarn npm publish
output the shasum information (even if it's just part of a --json
output) after the publish runs, as there really isn't any other way we can access it (unless there are workarounds I'm not aware of?)
Describe the user story
Currently when publishing a package by using
yarn npm publish
is very unclear which version got published. This is basically the output of ayarn npm publish
:Describe the solution you'd like
This is how the same file contents looked with only
npm publish
:Describe the drawbacks of your solution It may be slower to gather the archive or package details. But nothing else
Describe alternatives you've considered
Why not making it a plugin?