@bobfrankston/npmglobalize 1.0.33 → 1.0.34

package/README.md

@@ -47,6 +47,39 @@ It automatically:
 2. Publishes `lxlan-node` (depends on lxlan)
 3. Converts and publishes `lxtest`
 
+**Settings Propagation (Default Behavior):**
+When publishing `file:` dependencies, these settings are **automatically inherited**:
+- `--update-deps` / `--update-major` (update dependencies)
+- `--fix` (run npm audit fix)
+- `--verbose` / `--quiet`
+- `--force` / `--files`
+
+**⚠️ Visibility Settings (Smart Inheritance):**
+- `--npmVisibility` is **only inherited by NEW repositories** (never published to npm before)
+- **Existing repositories** keep their current npm visibility (public/private) unchanged
+- `--gitVisibility` is inherited by all dependencies
+
+This ensures you can safely set `--npmVisibility private` as a default for new packages without accidentally changing the visibility of your existing published packages.
+
+**Why This Matters:**
+Once a package is published to npm (public or private), changing its visibility later requires careful consideration. This smart inheritance protects your existing packages while making new ones default to safe settings.
+
+Example - safely publish with new packages private by default:
+```bash
+npmglobalize --npmVisibility private
+# ✓ Existing npm packages: keep their current visibility
+# ✓ New packages (never published): default to private (safe!)
+# ✓ Regular npm dependencies (express, etc.): unchanged
+```
+
+Example with configuration file (recommended):
+```bash
+# In main package: create .globalize.json5 with "npmVisibility": "private"
+npmglobalize
+# ✓ Existing repos: publish with their current npm visibility
+# ✓ Brand new repos: inherit private setting
+```
+
 **Skip auto-publishing** (use with caution):
 ```bash
 npmglobalize -npd         # --no-publish-deps
@@ -74,6 +107,8 @@ npmglobalize --update-major
 - Updates to latest including major versions
 - Shows "(MAJOR)" indicator for breaking changes
 
+**Note:** The `--update-deps` flag propagates to all file: dependencies, so one command updates your entire dependency tree.
+
 ### 🔒 Security Auditing
 
 **Check vulnerabilities**:

package/cli.js

@@ -16,22 +16,23 @@ Arguments:
   path            Path to the project directory (default: current directory)
 
 Release Options:
-  --patch         Bump patch version (default)
-  --minor         Bump minor version
-  --major         Bump major version
-  --nopublish, -np  Just transform, don't publish
-  --cleanup       Restore from .dependencies
+  --patch              Bump patch version (default)
+  --minor              Bump minor version
+  --major              Bump major version
+  --nopublish, -np     Just transform, don't publish
+  --cleanup            Restore from .dependencies
+  -m, --message <msg>  Custom commit message (forces release even without changes)
 
 Dependency Options:
-  --update-deps      Update package.json to latest (minor/patch only, safe)
-  --update-major     Allow major version updates (breaking changes)
-  --no-publish-deps, -npd  Don't auto-publish file: dependencies (use with caution)
-  --force-publish    Republish dependencies even if version exists
-  --fix              Run npm audit fix after transformation
+  --update-deps, -ud        Update package.json to latest (minor/patch only, safe)
+  --update-major            Allow major version updates (breaking changes)
+  --no-publish-deps, -npd   Don't auto-publish file: dependencies (use with caution)
+  --force-publish           Republish dependencies even if version exists
+  --fix                     Run npm audit fix after transformation
 
 Install Options:
-  --install       Global install after publish (Windows)
-  --wsl           Also install globally in WSL
+  --install, -i    Global install after publish (Windows)
+  --wsl            Also install globally in WSL
 
 Mode Options:
   --files         Keep file: paths after publish (default)
@@ -46,15 +47,15 @@ Git/npm Visibility:
 Other Options:
   --init          Initialize git/npm if needed
   --force         Continue despite git errors
-  --dry-run       Show what would happen
+  --dry-run       Preview what would happen
   --quiet         Suppress npm warnings (default)
   --verbose       Show detailed output
   --conform       Update .gitignore/.npmignore to best practices
   --asis          Skip ignore file checks (or set "asis": true in .globalize.json5)
-  --fix-tags      Automatically fix version/tag mismatches
   --rebase        Automatically rebase if local is behind remote
-  --help, -h      Show this help
-  --version, -v   Show version number
+  --show          Show package.json dependency changes
+  -h, --help      Show this help
+  -v, --version   Show version number
 
 Examples:
   npmglobalize                       Transform + publish (auto-publishes file: deps)
@@ -190,6 +191,7 @@ function parseArgs(args) {
                 options.show = true;
                 break;
             case '--update-deps':
+            case '-ud':
                 options.updateDeps = true;
                 break;
             case '--update-major':

package/lib.d.ts

@@ -68,6 +68,8 @@ export declare function isFileRef(value: string): boolean;
 export declare function getLatestVersion(packageName: string): string | null;
 /** Check if a specific version of a package exists on npm */
 export declare function checkVersionExists(packageName: string, version: string): boolean;
+/** Check if a package exists on npm (any version) */
+export declare function checkPackageExists(packageName: string): boolean;
 /** Update existing npm dependencies to latest versions */
 export declare function updateNpmDeps(pkg: any, verbose?: boolean, allowMajor?: boolean): {
     updated: boolean;

package/lib.js

@@ -169,6 +169,20 @@ export function checkVersionExists(packageName, version) {
         return false;
     }
 }
+/** Check if a package exists on npm (any version) */
+export function checkPackageExists(packageName) {
+    try {
+        const result = spawnSync('npm', ['view', packageName, 'version'], {
+            encoding: 'utf-8',
+            stdio: 'pipe',
+            shell: true
+        });
+        return result.status === 0 && result.stdout.trim().length > 0;
+    }
+    catch (error) {
+        return false;
+    }
+}
 /** Parse semver version string to major.minor.patch */
 function parseSemver(version) {
     const clean = version.replace(/^[^\d]*/, ''); // Remove ^, ~, etc.
@@ -1382,7 +1396,10 @@ export async function globalize(cwd, options = {}) {
                     console.log('');
                     console.log(colors.yellow(`━━━ Publishing ${name}@${version} ━━━`));
                     if (!dryRun) {
+                        // Check if package has EVER been published to npm (any version)
+                        const hasBeenPublished = checkPackageExists(name);
                         // Recursively call globalize on the dependency
+                        // Only pass npmVisibility to truly NEW packages (never published before)
                         const depSuccess = await globalize(path, {
                             bump: 'patch', // Use existing version, don't bump
                             verbose,
@@ -1390,7 +1407,10 @@ export async function globalize(cwd, options = {}) {
                             force,
                             files,
                             gitVisibility,
-                            npmVisibility
+                            npmVisibility: hasBeenPublished ? undefined : npmVisibility, // Only for new packages
+                            updateDeps,
+                            updateMajor,
+                            fix
                         });
                         if (!depSuccess) {
                             console.error(colors.red(`Failed to publish ${name}`));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/npmglobalize",
-  "version": "1.0.33",
+  "version": "1.0.34",
   "description": "Transform file: dependencies to npm versions for publishing",
   "main": "index.js",
   "type": "module",