Skill

npm-publish

Publish the current package to npm. Bumps the version, ensures npm login, fetches the OTP from 1Password, and runs npm publish. Use when the user asks to "npm publish", "publish to npm", "release this package", or "bump and publish".

npx claudepluginhub danielrosehill/claude-code-plugins --plugin linux-packaging

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Use this for publishing a Node package in the current working directory to the public npm registry.

SKILL.md

Similar Skills

using-superpowers

180.9k

Mandates invoking relevant skills via tools before any response in coding sessions. Covers access, priorities, and adaptations for Claude Code, Copilot CLI, Gemini CLI.

3 files

superpowers

Stats

Stars0

Forks0

Last CommitApr 27, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

npm publish (with 1Password OTP)

Use this for publishing a Node package in the current working directory to the public npm registry.

Steps

Confirm you're in a package root — package.json must exist. Read it to get the current name and version.

Ask which version bump (unless the user already said): patch, minor, or major. Default to patch if they say "just publish".

Check login status:

npm whoami

If it errors / returns nothing → run npm login and tell the user to complete it interactively (suggest they prefix with ! to run it in their shell). Stop and wait.
If it returns a username → proceed.

Bump the version (creates a git commit + tag by default):

npm version <patch|minor|major>

Fetch OTP from 1Password. The user stores npm 2FA in a 1Password item — try common names in order, stop at first hit:

op item get "npm" --otp 2>/dev/null \
  || op item get "npmjs" --otp 2>/dev/null \
  || op item get "npmjs.com" --otp 2>/dev/null

If all fail, ask the user for the 1Password item name. If op itself errors with "not signed in", tell the user to run !eval $(op signin).

Publish:

npm publish --otp=<otp>

For scoped packages that should be public, add --access public (check package.json — if "name": "@scope/..." and no publishConfig.access, include it).

Push the version commit + tag:

git push && git push --tags

Report the published version and the npmjs.com URL: https://www.npmjs.com/package/<name>.

Notes

OTPs expire in ~30 seconds — fetch it immediately before npm publish, not earlier.

Don't echo the OTP back to the user in plain chat output beyond what's needed.

If npm publish fails with EOTP, the code expired — refetch and retry once.

If the working tree is dirty, npm version will refuse. Ask the user whether to commit/stash first rather than forcing.

npm publish (with 1Password OTP)

Use this for publishing a Node package in the current working directory to the public npm registry.

Steps

Confirm you're in a package root — package.json must exist. Read it to get the current name and version.
Ask which version bump (unless the user already said): patch, minor, or major. Default to patch if they say "just publish".
Check login status:
```
npm whoami
```
- If it errors / returns nothing → run npm login and tell the user to complete it interactively (suggest they prefix with ! to run it in their shell). Stop and wait.
- If it returns a username → proceed.
Bump the version (creates a git commit + tag by default):
```
npm version <patch|minor|major>
```
Fetch OTP from 1Password. The user stores npm 2FA in a 1Password item — try common names in order, stop at first hit:
```
op item get "npm" --otp 2>/dev/null \
  || op item get "npmjs" --otp 2>/dev/null \
  || op item get "npmjs.com" --otp 2>/dev/null
```
If all fail, ask the user for the 1Password item name. If op itself errors with "not signed in", tell the user to run !eval $(op signin).
Publish:
```
npm publish --otp=<otp>
```
For scoped packages that should be public, add --access public (check package.json — if "name": "@scope/..." and no publishConfig.access, include it).
Push the version commit + tag:
```
git push && git push --tags
```
Report the published version and the npmjs.com URL: https://www.npmjs.com/package/<name>.

Notes

OTPs expire in ~30 seconds — fetch it immediately before npm publish, not earlier.
Don't echo the OTP back to the user in plain chat output beyond what's needed.
If npm publish fails with EOTP, the code expired — refetch and retry once.
If the working tree is dirty, npm version will refuse. Ask the user whether to commit/stash first rather than forcing.