Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Output published package info in output #5649

Open
2 tasks done
ironicnet opened this issue Aug 9, 2023 · 3 comments · May be fixed by #6076
Open
2 tasks done

[Feature] Output published package info in output #5649

ironicnet opened this issue Aug 9, 2023 · 3 comments · May be fixed by #6076
Labels
enhancement New feature or request

Comments

@ironicnet
Copy link

  • I'd be willing to implement this feature (contributing guide)
  • This feature is important to have in this repository; a contrib plugin wouldn't do

Describe the user story

Currently when publishing a package by using yarn npm publish is very unclear which version got published.
This is basically the output of a yarn npm publish:

➤ YN0000: package.json
➤ YN0000: readme/roadmap.md
➤ YN0000: Package archive published
➤ YN0000: Done in 1s 832ms

Describe the solution you'd like

This is how the same file contents looked with only npm publish:

npm notice 3.6kB   package.json                                                    
npm notice 5.3kB   readme/roadmap.md                                               
npm notice === Tarball Details === 
npm notice name:          @scope/package-name                         
npm notice version:       1.33.0-beta2376675.0                       
npm notice filename:      @scope/package-name-1.33.0-beta2376675.0.tgz
npm notice package size:  92.3 kB                                    
npm notice unpacked size: 435.5 kB                                   
npm notice shasum:        108cb5fd34eb83096aea56d36f6cf4ba1208a134   
npm notice integrity:     sha512-sdMJO9hsu7Z+J[...]XGwdWPzXgrZ8g==   
npm notice total files:   227                                        
npm notice 
npm notice Publishing to https://artifactory.domain/artifactory/api/npm/scope/
+ @scope/package-name@1.33.0-beta2376675.0

Describe the drawbacks of your solution
It may be slower to gather the archive or package details. But nothing else

Describe alternatives you've considered

Why not making it a plugin?

  • This info is already in the publish command. Forcing consumers to install a plugin for such a trivial but vital info is kinda ugly
@ironicnet ironicnet added the enhancement New feature or request label Aug 9, 2023
@ironicnet
Copy link
Author

Currently the makePublishBody already has almost all the info we need.

We are calling the makePublishBody from the publish command. So we should return that after the await and print it:

@arcanis
Copy link
Member

arcanis commented Aug 9, 2023

I can see a couple more information being useful, but not everything npm displays.

Unlike npm we also tend to differentiate between the output for humans vs the output for robots (--json). Things like the shasum probably make more sense for the latter than the former.

That being said, name / version / tag name / publish registry are probably safe to show on the regular output - perhaps by reusing the new tree display we use in commands like yarn npm audit (in 4.x).

@rsoberano-ld
Copy link

Hi, wanted to chime in on another need for this functionality in case it's helpful.

We're looking to generate SLSA provenance for our packages published using the yarn npm publish command. Since yarn doesn't support the --provenance option that's available in npm, we'll need to generate provenance manually using the generic SLSA provenance generator with the shasum of the package.

However, yarn npm publish packs the workspace and publishes the package in a single step, and that artifact isn't written anywhere locally, so we can't manually calculate the shasum for the generated package ourselves. It'd be incredibly useful if yarn npm publish output the shasum information (even if it's just part of a --json output) after the publish runs, as there really isn't any other way we can access it (unless there are workarounds I'm not aware of?)

@ironicnet ironicnet linked a pull request Jan 12, 2024 that will close this issue
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add package info to the publish output ironicnet/berry
3 participants
@ironicnet @arcanis @rsoberano-ld