Checklist for Publishing NPM Packages

Checklists can be useful tools to handle the complexities of modern life. Used by pilots and other professions handling complex tasks, checklists can also be useful for software developers. Read more in this article about a quality checklist for publishing NPM packages.

Why Checklists

Many professions today need to handle more complex and more specialized tasks than ever. As author Atul Gawande argues in his book "The Checklist Manifesto" (2010, Picador, New York), checklists can be a valuable tool to tackle complexity in a variety of tasks. They enable software developers to handle complex tasks like releasing an NPM package in a repeatable way.

Using checklists, the software developer can be sure she misses no critical element of releasing an NPM package. This will lead to higher quality and higher reliability. Another effect is that checklists enable team members to communicate better and solve problems faster.

This is why I want to present my version of the checklist for releasing packages on NPM.

Documentation

  • Is your documentation up-to-date? Do you have at least a README.md file?
  • Have you added the release notes?

Package.json

  • Do you have all necessary fields filled out in the package.json?
  • Have you filled out the name, description and author (including author webpage URL) fields?
  • Is the license field filled out?
  • If you have a website, is the homepage field filled in?
  • Do you use a bug tracker? If so, is the bugs URL field entered?

Versioning

  • Semantic versioning (semver) is recommended. Do you adhere to it and have you updated the version field in the package.json?

Testing

  • Have you added unit and/or E2E tests?
  • Are the tests automatically executed in your CI pipeline?
  • Have you tested your package the way another developer would use it? Try the npm pack or npm link commands. Alternatively, try the workspaces feature of NPM or yarn.

Security

  • Have you implemented security checks? At least run npm audit.
  • Have you checked the OWASP Top 10?

Git Tag

  • Have you created a git tag according to semver?

Publish to GitHub

  • Have you published all your updated code on GitHub?

Publish to NPM

When everything is done and the tests are fine, you can publish your NPM package with:

npm publish

Automation

There exists a tool called np that automatically does some sanity checks. It can be used instead of npm publish and complements this list.
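
The Package.json, Versioning and Git Tag items of this checklist can also be checked mechanically before running npm publish. The following is an added example, not code from the original article or from np; the function checkManifest, its options and the sample manifest are hypothetical, and the semver pattern is a simplified one.

```javascript
// Added example: checks a parsed package.json against the checklist items.
// Simplified semver pattern (MAJOR.MINOR.PATCH, optional pre-release/build).
const SEMVER = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

const isUrl = (v) => typeof v === 'string' && /^https?:\/\/\S+$/.test(v);
const filled = (v) => typeof v === 'string' && v.trim() !== '';

// author may be "Name <mail> (url)" or { name, email, url }.
function authorUrl(author) {
  if (author && typeof author === 'object') return author.url;
  const m = typeof author === 'string' && author.match(/\((https?:\/\/[^)\s]+)\)/);
  return m ? m[1] : undefined;
}

// Returns a list of problems; an empty list means the manifest passes.
// gitTag is the tag you intend to push, e.g. "v1.4.0" (hypothetical input).
function checkManifest(pkg, gitTag, { hasWebsite = true, hasBugTracker = true } = {}) {
  const problems = [];
  for (const field of ['name', 'description', 'license']) {
    if (!filled(pkg[field])) problems.push(`${field} is missing`);
  }
  if (!pkg.author) problems.push('author is missing');
  else if (!isUrl(authorUrl(pkg.author))) problems.push('author has no webpage url');
  if (hasWebsite && !isUrl(pkg.homepage)) problems.push('homepage is missing');
  // bugs may be a plain URL string or an object with a url property.
  const bugsUrl = typeof pkg.bugs === 'object' && pkg.bugs ? pkg.bugs.url : pkg.bugs;
  if (hasBugTracker && !isUrl(bugsUrl)) problems.push('bugs url is missing');
  if (!SEMVER.test(pkg.version || '')) problems.push('version is not valid semver');
  else if (gitTag !== `v${pkg.version}` && gitTag !== pkg.version) {
    problems.push(`git tag ${gitTag} does not match version ${pkg.version}`);
  }
  return problems;
}

// Constructed sample manifest, not a real package.
const sample = {
  name: 'example-lib', description: 'Constructed sample', version: '1.4.0',
  license: 'MIT', author: 'Jane Doe <jane@example.com> (https://example.com)',
  homepage: 'https://example.com/example-lib',
};
console.log(checkManifest(sample, 'v1.3.9'));
```

To use it on a real project, pass the parsed contents of your package.json and the tag name you are about to create.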

Conclusion

I hope this checklist helps you as a software developer to quality-control your NPM release process. It is not rocket science, and it is easy to extend and adapt. Thus, I want to encourage you to adapt the checklist to your needs.

References

  • Npm publish: https://docs.npmjs.com/cli/v8/commands/npm-publish

  • Np: https://github.com/sindresorhus/np

  • Article by Snyk on best practices for publishing an NPM package: https://snyk.io/blog/best-practices-create-modern-npm-package/

  • Cover photo by Markus Winkler on Unsplash

Published 15 Sep 2022
Thomas Derflinger
