@jsdevtools/npm-publish 2.0.0 → 2.2.0

package/lib/read-manifest.d.ts

@@ -1,10 +1,6 @@
-/** The result of reading a package manifest */
-export interface ManifestReadResult {
-    packageSpec: string;
-    manifest: PackageManifest;
-}
-/** A package manifest (package.json) */
+/** A package manifest (package.json) and associated details. */
 export interface PackageManifest {
+    packageSpec: string;
     name: string;
     version: string;
     scope: string | undefined;
@@ -15,6 +11,7 @@ export interface PackagePublishConfig {
     tag?: string;
     access?: string;
     registry?: string;
+    provenance?: boolean;
 }
 /**
  * Reads the package manifest (package.json) and returns its parsed contents.
@@ -22,4 +19,4 @@ export interface PackagePublishConfig {
  * @param packagePath The path to the package being published.
  * @returns The parsed package metadata.
  */
-export declare function readManifest(packagePath: unknown): Promise<ManifestReadResult>;
+export declare function readManifest(packagePath: unknown): Promise<PackageManifest>;

package/lib/read-manifest.js

@@ -128,7 +128,10 @@ async function readManifest(packagePath) {
     }
     return {
         packageSpec,
-        manifest: { name, version, publishConfig, scope: SCOPE_RE.exec(name)?.[1] },
+        name,
+        version,
+        publishConfig,
+        scope: SCOPE_RE.exec(name)?.[1],
     };
 }
 exports.readManifest = readManifest;

package/lib/read-manifest.js.map

@@ -1 +1 @@
-{"version":3,"file":"read-manifest.js","sourceRoot":"","sources":["../src/read-manifest.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gEAAkC;AAClC,0DAA6B;AAC7B,mCAA8C;AAC9C,6BAAsD;AAEtD,oDAAsC;AAuBtC,MAAM,QAAQ,GAAG,cAAc,CAAC;AAEhC,MAAM,iBAAiB,GAAG,cAAc,CAAC;AACzC,MAAM,eAAe,GAAG,MAAM,CAAC;AAE/B,MAAM,UAAU,GAAG,CAAC,IAAa,EAAkB,EAAE;IACnD,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,mBAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,iBAAiB,CAAC;AAC/E,CAAC,CAAC;AAEF,MAAM,WAAW,GAAG,CAAC,IAAa,EAAkB,EAAE;IACpD,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,mBAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;AAC/D,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAAC,IAAa,EAAkB,EAAE;IAClD,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,mBAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,eAAe,CAAC;AAC5E,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAAC,OAAgB,EAAqB,EAAE;IACxD,OAAO,IAAA,cAAW,EAAC,OAAiB,CAAC,KAAK,IAAI,CAAC;AACjD,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,KAAK,EAAE,GAAG,YAAsB,EAAmB,EAAE;IAC3E,MAAM,IAAI,GAAG,mBAAI,CAAC,OAAO,CAAC,GAAG,YAAY,CAAC,CAAC;IAE3C,IAAI;QACF,OAAO,MAAM,kBAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;KACxC;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;KACpD;AACH,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAG,KAAK,EAAE,IAAY,EAAmB,EAAE;IACrE,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,OAAO,GAAG,CAAC,KAAgB,EAAE,EAAE;QACnC,IAAI,KAAK,CAAC,IAAI,KAAK,sBAAsB,EAAE;YACzC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;SAC/C;IACH,CAAC,CAAC;IAEF,IAAI;QACF,MAAM,IAAA,UAAO,EAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAEjC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE;YACrB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC1D;KACF;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,MAAM,CAAC,uBAAuB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;KACvD;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;AACxC,CAAC,CAAC;AAEF;;;;;GAKG;AACI,KAAK,UAAU,YAAY,CAChC,WAAoB;IAEpB,IAAI,WAA+B,CAAC;IACpC,IAAI,gBAAwB,CAAC;IAE7B,IAAI,CAAC,WAAW,EAAE;QAChB,WAAW,GAAG,EAAE,CAAC;QACjB,gBAAgB,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,CAAC;KAC7D;SAAM,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE;QAClC,WAAW,GAAG,mBAAI,CAAC,OAAO,CAAC,mBAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;QACtD,gBAAgB,GAAG,MAAM,eAAe,CAAC,WAAW,CAAC,CAAC;KACvD;SAAM,IAAI,WAAW,CAAC,WAAW,CAAC,EAAE;QACnC,WAAW,GAAG,mBAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACxC,gBAAgB,GAAG,MAAM,eAAe,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;KAC1E;SAAM,IAAI,SAAS,CAAC,WAAW,CAAC,EAAE;QACjC,WAAW,GAAG,mBAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACxC,gBAAgB,GAAG,MAAM,sBAAsB,CAAC,WAAW,CAAC,CAAC;KAC9D;SAAM;QACL,MAAM,IAAI,MAAM,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;KACnD;IAED,IAAI,YAAqC,CAAC;IAC1C,IAAI,IAAa,CAAC;IAClB,IAAI,OAAgB,CAAC;IACrB,IAAI,aAAsB,CAAC;IAE3B,IAAI;QACF,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAA4B,CAAC;QACvE,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAClC,aAAa,GAAG,YAAY,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;KACrD;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,MAAM,CAAC,qBAAqB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;KAC5D;IAED,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE;QACjD,MAAM,IAAI,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;KAChD;IAED,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;QACvB,MAAM,IAAI,MAAM,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;KACtD;IAED,IACE,OAAO,aAAa,KAAK,QAAQ;QACjC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC;QAC5B,CAAC,aAAa,EACd;QACA,MAAM,IAAI,MAAM,CAAC,gCAAgC,CAAC,aAAa,CAAC,CAAC;KAClE;IAED,OAAO;QACL,WAAW;QACX,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;KAC5E,CAAC;AACJ,CAAC;AAxDD,oCAwDC"}
+{"version":3,"file":"read-manifest.js","sourceRoot":"","sources":["../src/read-manifest.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gEAAkC;AAClC,0DAA6B;AAC7B,mCAA8C;AAC9C,6BAAsD;AAEtD,oDAAsC;AAmBtC,MAAM,QAAQ,GAAG,cAAc,CAAC;AAEhC,MAAM,iBAAiB,GAAG,cAAc,CAAC;AACzC,MAAM,eAAe,GAAG,MAAM,CAAC;AAE/B,MAAM,UAAU,GAAG,CAAC,IAAa,EAAkB,EAAE;IACnD,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,mBAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,iBAAiB,CAAC;AAC/E,CAAC,CAAC;AAEF,MAAM,WAAW,GAAG,CAAC,IAAa,EAAkB,EAAE;IACpD,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,mBAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;AAC/D,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAAC,IAAa,EAAkB,EAAE;IAClD,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,mBAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,eAAe,CAAC;AAC5E,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAAC,OAAgB,EAAqB,EAAE;IACxD,OAAO,IAAA,cAAW,EAAC,OAAiB,CAAC,KAAK,IAAI,CAAC;AACjD,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,KAAK,EAAE,GAAG,YAAsB,EAAmB,EAAE;IAC3E,MAAM,IAAI,GAAG,mBAAI,CAAC,OAAO,CAAC,GAAG,YAAY,CAAC,CAAC;IAE3C,IAAI;QACF,OAAO,MAAM,kBAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;KACxC;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;KACpD;AACH,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAG,KAAK,EAAE,IAAY,EAAmB,EAAE;IACrE,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,OAAO,GAAG,CAAC,KAAgB,EAAE,EAAE;QACnC,IAAI,KAAK,CAAC,IAAI,KAAK,sBAAsB,EAAE;YACzC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;SAC/C;IACH,CAAC,CAAC;IAEF,IAAI;QACF,MAAM,IAAA,UAAO,EAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAEjC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE;YACrB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC1D;KACF;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,MAAM,CAAC,uBAAuB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;KACvD;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;AACxC,CAAC,CAAC;AAEF;;;;;GAKG;AACI,KAAK,UAAU,YAAY,CAChC,WAAoB;IAEpB,IAAI,WAA+B,CAAC;IACpC,IAAI,gBAAwB,CAAC;IAE7B,IAAI,CAAC,WAAW,EAAE;QAChB,WAAW,GAAG,EAAE,CAAC;QACjB,gBAAgB,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,CAAC;KAC7D;SAAM,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE;QAClC,WAAW,GAAG,mBAAI,CAAC,OAAO,CAAC,mBAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;QACtD,gBAAgB,GAAG,MAAM,eAAe,CAAC,WAAW,CAAC,CAAC;KACvD;SAAM,IAAI,WAAW,CAAC,WAAW,CAAC,EAAE;QACnC,WAAW,GAAG,mBAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACxC,gBAAgB,GAAG,MAAM,eAAe,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;KAC1E;SAAM,IAAI,SAAS,CAAC,WAAW,CAAC,EAAE;QACjC,WAAW,GAAG,mBAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACxC,gBAAgB,GAAG,MAAM,sBAAsB,CAAC,WAAW,CAAC,CAAC;KAC9D;SAAM;QACL,MAAM,IAAI,MAAM,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;KACnD;IAED,IAAI,YAAqC,CAAC;IAC1C,IAAI,IAAa,CAAC;IAClB,IAAI,OAAgB,CAAC;IACrB,IAAI,aAAsB,CAAC;IAE3B,IAAI;QACF,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAA4B,CAAC;QACvE,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAClC,aAAa,GAAG,YAAY,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;KACrD;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,MAAM,CAAC,qBAAqB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;KAC5D;IAED,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE;QACjD,MAAM,IAAI,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;KAChD;IAED,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;QACvB,MAAM,IAAI,MAAM,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;KACtD;IAED,IACE,OAAO,aAAa,KAAK,QAAQ;QACjC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC;QAC5B,CAAC,aAAa,EACd;QACA,MAAM,IAAI,MAAM,CAAC,gCAAgC,CAAC,aAAa,CAAC,CAAC;KAClE;IAED,OAAO;QACL,WAAW;QACX,IAAI;QACJ,OAAO;QACP,aAAa;QACb,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;KAChC,CAAC;AACJ,CAAC;AA3DD,oCA2DC"}

package/lib/results.d.ts

@@ -1,5 +1,9 @@
 import type { Access, Strategy } from "./options.js";
-import type { ReleaseType } from "./compare-versions.js";
+import type { ReleaseType as SemverReleaseType } from "semver";
+/** Release type */
+export type ReleaseType = SemverReleaseType | typeof INITIAL | typeof DIFFERENT;
+export declare const INITIAL = "initial";
+export declare const DIFFERENT = "different";
 /** Results of the publish */
 export interface Results {
     /**

package/lib/results.js

@@ -1,3 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.DIFFERENT = exports.INITIAL = void 0;
+exports.INITIAL = "initial";
+exports.DIFFERENT = "different";
 //# sourceMappingURL=results.js.map

package/lib/results.js.map

@@ -1 +1 @@
-{"version":3,"file":"results.js","sourceRoot":"","sources":["../src/results.ts"],"names":[],"mappings":""}
+{"version":3,"file":"results.js","sourceRoot":"","sources":["../src/results.ts"],"names":[],"mappings":";;;AAKa,QAAA,OAAO,GAAG,SAAS,CAAC;AACpB,QAAA,SAAS,GAAG,WAAW,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@jsdevtools/npm-publish",
   "description": "Fast, easy publishing to NPM",
-  "version": "2.0.0",
+  "version": "2.2.0",
   "keywords": [
     "github-action",
     "npm",
@@ -31,7 +31,7 @@
     "!__tests__"
   ],
   "scripts": {
-    "all": "npm run clean && npm run build && npm run lint && npm run coverage",
+    "all": "npm run clean && npm run build && npm run format && npm run coverage",
     "clean": "rimraf coverage lib dist e2e/fixture *.tgz",
     "lint": "npm run _eslint && npm run _prettier -- --check",
     "format": "npm run _eslint -- --fix && npm run _prettier -- --write",
@@ -41,37 +41,41 @@
     "test": "vitest",
     "coverage": "vitest run --coverage",
     "_eslint": "eslint \"**/*.@(js|ts)\"",
-    "_prettier": "prettier \"**/*.@(js|ts|json|md|yml)\""
+    "_prettier": "prettier \"**/*.@(js|ts|json|md|yaml)\""
   },
   "engines": {
     "node": ">=16"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "devDependencies": {
     "@actions/core": "^1.10.0",
     "@types/command-line-args": "^5.0.0",
-    "@types/node": "^18.15.11",
+    "@types/node": "^18.16.3",
     "@types/tar": "^6.1.4",
-    "@typescript-eslint/eslint-plugin": "^5.59.0",
-    "@typescript-eslint/parser": "^5.59.0",
-    "@vitest/coverage-istanbul": "^0.30.1",
+    "@typescript-eslint/eslint-plugin": "^5.59.2",
+    "@typescript-eslint/parser": "^5.59.2",
+    "@vitest/coverage-istanbul": "^0.31.4",
     "concurrently": "^8.0.1",
-    "esbuild": "0.17.17",
-    "eslint": "^8.38.0",
+    "esbuild": "^0.17.18",
+    "eslint": "^8.39.0",
     "eslint-config-prettier": "^8.8.0",
     "eslint-import-resolver-typescript": "^3.5.5",
     "eslint-plugin-import": "npm:eslint-plugin-i@^2.27.5-1",
-    "eslint-plugin-jsdoc": "^43.0.6",
-    "eslint-plugin-n": "^15.7.0",
+    "eslint-plugin-jsdoc": "^43.1.1",
+    "eslint-plugin-n": "^16.0.0",
     "eslint-plugin-promise": "^6.1.1",
     "eslint-plugin-sonarjs": "^0.19.0",
-    "eslint-plugin-unicorn": "^46.0.0",
-    "prettier": "^2.8.7",
+    "eslint-plugin-unicorn": "^46.0.1",
+    "prettier": "^2.8.8",
     "prettier-plugin-jsdoc": "^0.4.2",
     "rimraf": "^5.0.0",
     "testdouble": "^3.17.2",
     "testdouble-vitest": "^0.1.2",
     "typescript": "^5.0.4",
-    "vitest": "^0.30.1"
+    "vitest": "^0.31.4"
   },
   "dependencies": {
     "@types/semver": "^7.3.13",

package/src/action/core.ts

@@ -45,10 +45,14 @@ export function getRequiredSecretInput(name: string): string {
  * Get a boolean input by name.
  *
  * @param name Input name
- * @returns True if value is "true", false if not
+ * @returns True if value is "true", false if "false", undefined if unset
  */
-export function getBooleanInput(name: string): boolean {
-  return ghGetInput(name) === "true";
+export function getBooleanInput(name: string): boolean | undefined {
+  const inputString = ghGetInput(name).toLowerCase();
+
+  if (inputString === "true") return true;
+  if (inputString === "false") return false;
+  return undefined;
 }
 
 /**

package/src/action/main.ts

@@ -10,7 +10,9 @@ async function run(): Promise<void> {
     package: core.getInput("package"),
     tag: core.getInput("tag"),
     access: core.getInput("access"),
+    provenance: core.getBooleanInput("provenance"),
     strategy: core.getInput("strategy"),
+    ignoreScripts: core.getBooleanInput("ignore-scripts"),
     dryRun: core.getBooleanInput("dry-run"),
     logger: core.logger,
     temporaryDirectory: process.env["RUNNER_TEMP"],

package/src/cli/index.ts

@@ -23,11 +23,17 @@ Options:
                           Defaults to "latest".
 
   --access <access>       Package access, may be "public" or "restricted".
-                          See documentation for details.
+                          See npm documentation for details.
+
+  --provenance            Publish with provenance statements.
+                          See npm documentation for details.
 
   --strategy <strategy>   Publish strategy, may be "all" or "upgrade".
                           Defaults to "all", see documentation for details.
 
+  --ignore-scripts        Ignore lifecycle scripts as a security precaution.
+                          Defaults to true.
+
   --dry-run               Do not actually publish anything.
   --quiet                 Only print errors.
   --debug                 Print debug logs.

package/src/cli/parse-cli-arguments.ts

@@ -9,7 +9,9 @@ const ARGUMENTS_OPTIONS = [
   { name: "registry", type: String },
   { name: "tag", type: String },
   { name: "access", type: String },
+  { name: "provenance", type: Boolean },
   { name: "strategy", type: String },
+  { name: "no-ignore-scripts", type: Boolean },
   { name: "dry-run", type: Boolean },
   { name: "quiet", type: Boolean },
   { name: "debug", type: Boolean },
@@ -33,11 +35,19 @@ export interface ParsedArguments {
  * @returns A parsed object of options.
  */
 export function parseCliArguments(argv: string[]): ParsedArguments {
-  const { help, version, quiet, debug, ...options } = commandLineArgs(
+  const { help, version, quiet, debug, ...optionFlags } = commandLineArgs(
     ARGUMENTS_OPTIONS,
     { argv, camelCase: true }
   );
 
+  const options = Object.fromEntries(
+    Object.entries(optionFlags).map(([key, value]) => {
+      return key === "noIgnoreScripts"
+        ? ["ignoreScripts", !value]
+        : [key, value];
+    })
+  );
+
   return {
     help: Boolean(help),
     version: Boolean(version),

package/src/compare-and-publish/compare-and-publish.ts

@@ -0,0 +1,79 @@
+import type { PackageManifest } from "../read-manifest.js";
+import type { NormalizedOptions } from "../normalize-options.js";
+import {
+  VIEW,
+  PUBLISH,
+  E404,
+  EPUBLISHCONFLICT,
+  callNpmCli,
+  type NpmCliEnvironment,
+} from "../npm/index.js";
+import { compareVersions, type VersionComparison } from "./compare-versions.js";
+import { getViewArguments, getPublishArguments } from "./get-arguments.js";
+
+export interface PublishResult extends VersionComparison {
+  id: string | undefined;
+  files: PublishFile[];
+}
+
+export interface PublishFile {
+  path: string;
+  size: number;
+}
+
+/**
+ * Get the currently published versions of a package and publish if needed.
+ *
+ * @param manifest The package to potentially publish.
+ * @param options Configuration options.
+ * @param environment Environment variables for the npm cli.
+ * @returns Information about the publish, including if it occurred.
+ */
+export async function compareAndPublish(
+  manifest: PackageManifest,
+  options: NormalizedOptions,
+  environment: NpmCliEnvironment
+): Promise<PublishResult> {
+  const { name, version, packageSpec } = manifest;
+  const cliOptions = {
+    environment,
+    ignoreScripts: options.ignoreScripts.value,
+    logger: options.logger,
+  };
+
+  const viewArguments = getViewArguments(name, options);
+  const publishArguments = getPublishArguments(packageSpec, options);
+  let viewCall = await callNpmCli(VIEW, viewArguments, cliOptions);
+
+  // `npm view` will succeed with no output the package exists in the registry
+  // with no `latest` tag. This is only possible with third-party registries.
+  // https://github.com/npm/cli/issues/6408
+  if (!viewCall.successData && !viewCall.error) {
+    // Retry the call to `npm view` with the configured publish tag,
+    // to at least try to get something.
+    const viewWithTagArguments = getViewArguments(name, options, true);
+    viewCall = await callNpmCli(VIEW, viewWithTagArguments, cliOptions);
+  }
+
+  if (viewCall.error && viewCall.errorCode !== E404) {
+    throw viewCall.error;
+  }
+
+  const comparison = compareVersions(version, viewCall.successData, options);
+  const publishCall = comparison.type
+    ? await callNpmCli(PUBLISH, publishArguments, cliOptions)
+    : { successData: undefined, errorCode: undefined, error: undefined };
+
+  if (publishCall.error && publishCall.errorCode !== EPUBLISHCONFLICT) {
+    throw publishCall.error;
+  }
+
+  const { successData: publishData } = publishCall;
+
+  return {
+    id: publishData?.id,
+    files: publishData?.files ?? [],
+    type: publishData ? comparison.type : undefined,
+    oldVersion: comparison.oldVersion,
+  };
+}

package/src/compare-and-publish/compare-versions.ts

@@ -0,0 +1,48 @@
+import semverDifference from "semver/functions/diff.js";
+import semverGreaterThan from "semver/functions/gt.js";
+import semverValid from "semver/functions/valid.js";
+
+import { STRATEGY_ALL } from "../options.js";
+import type { NormalizedOptions } from "../normalize-options.js";
+import type { ReleaseType } from "../results.js";
+import type { NpmViewData } from "../npm/index.js";
+
+export interface VersionComparison {
+  type: ReleaseType | undefined;
+  oldVersion: string | undefined;
+}
+
+const INITIAL = "initial";
+const DIFFERENT = "different";
+
+/**
+ * Compare previously published versions with the package's current version.
+ *
+ * @param currentVersion The current package version.
+ * @param publishedVersions The versions that have already been published.
+ * @param options Configuration options
+ * @returns The release type and previous version.
+ */
+export function compareVersions(
+  currentVersion: string,
+  publishedVersions: NpmViewData | undefined,
+  options: NormalizedOptions
+): VersionComparison {
+  const { versions, "dist-tags": tags } = publishedVersions ?? {};
+  const { strategy, tag: publishTag } = options;
+  const oldVersion = semverValid(tags?.[publishTag.value]) ?? undefined;
+  const isUnique = !versions?.includes(currentVersion);
+  let type: ReleaseType | undefined;
+
+  if (isUnique) {
+    if (!oldVersion) {
+      type = INITIAL;
+    } else if (semverGreaterThan(currentVersion, oldVersion)) {
+      type = semverDifference(currentVersion, oldVersion) ?? DIFFERENT;
+    } else if (strategy.value === STRATEGY_ALL) {
+      type = DIFFERENT;
+    }
+  }
+
+  return { type, oldVersion };
+}

package/src/compare-and-publish/get-arguments.ts

@@ -0,0 +1,61 @@
+import type { NormalizedOptions } from "../normalize-options.js";
+
+/**
+ * Given a package name and publish configuration, get the NPM CLI view
+ * arguments.
+ *
+ * @param packageName Package name.
+ * @param options Publish configuration.
+ * @param retryWithTag Include a non-latest tag in the package spec for a rety
+ *   attempt.
+ * @returns Arguments to pass to the NPM CLI. If `retryWithTag` is true, but the
+ *   publish config is using the `latest` tag, will return `undefined`.
+ */
+export function getViewArguments(
+  packageName: string,
+  options: NormalizedOptions,
+  retryWithTag = false
+): string[] {
+  const packageSpec = retryWithTag
+    ? `${packageName}@${options.tag.value}`
+    : packageName;
+
+  return [packageSpec, "dist-tags", "versions"];
+}
+
+/**
+ * Given a publish configuration, get the NPM CLI publish arguments.
+ *
+ * @param packageSpec Package specification path.
+ * @param options Publish configuration.
+ * @returns Arguments to pass to the NPM CLI.
+ */
+export function getPublishArguments(
+  packageSpec: string,
+  options: NormalizedOptions
+): string[] {
+  const { tag, access, dryRun, provenance } = options;
+  const publishArguments = [];
+
+  if (packageSpec.length > 0) {
+    publishArguments.push(packageSpec);
+  }
+
+  if (!tag.isDefault) {
+    publishArguments.push("--tag", tag.value);
+  }
+
+  if (!access.isDefault && access.value) {
+    publishArguments.push("--access", access.value);
+  }
+
+  if (!provenance.isDefault && provenance.value) {
+    publishArguments.push("--provenance");
+  }
+
+  if (!dryRun.isDefault && dryRun.value) {
+    publishArguments.push("--dry-run");
+  }
+
+  return publishArguments;
+}

package/src/compare-and-publish/index.ts

@@ -0,0 +1 @@
+export * from "./compare-and-publish.js";

package/src/errors.ts

@@ -95,6 +95,13 @@ export class InvalidTokenError extends TypeError {
   }
 }
 
+export class InvalidTagError extends TypeError {
+  public constructor(value: unknown) {
+    super(`Tag must be a non-empty string, got "${String(value)}".`);
+    this.name = "InvalidTagError";
+  }
+}
+
 export class InvalidAccessError extends TypeError {
   public constructor(value: unknown) {
     super(

package/src/format-publish-result.ts

@@ -1,6 +1,6 @@
 import os from "node:os";
 
-import type { PublishResult } from "./npm/index.js";
+import type { PublishResult } from "./compare-and-publish/index.js";
 import type { PackageManifest } from "./read-manifest.js";
 import type { NormalizedOptions } from "./normalize-options.js";
 
@@ -9,22 +9,22 @@ import type { NormalizedOptions } from "./normalize-options.js";
  *
  * @param manifest Package manifest
  * @param options Configuration options.
- * @param results Results from running npm publish.
+ * @param result Results from running npm publish.
  * @returns Formatted string.
  */
 export function formatPublishResult(
   manifest: PackageManifest,
   options: NormalizedOptions,
-  results?: PublishResult
+  result: PublishResult
 ): string {
-  if (results === undefined) {
+  if (result.id === undefined) {
     return `🙅‍♀️ ${manifest.name}@${manifest.version} publish skipped.`;
   }
 
   return [
-    `📦 ${results.id}${options.dryRun.value ? " (DRY RUN)" : ""}`,
+    `📦 ${result.id}${options.dryRun.value ? " (DRY RUN)" : ""}`,
     "=== Contents ===",
-    ...results.files.map(({ path, size }) => `${formatSize(size)}\t${path}`),
+    ...result.files.map(({ path, size }) => `${formatSize(size)}\t${path}`),
   ].join(os.EOL);
 }
 

package/src/normalize-options.ts

@@ -13,8 +13,8 @@ import {
   type Logger,
 } from "./options.js";
 
-const DEFAULT_REGISTRY = "https://registry.npmjs.org/";
-const DEFAULT_TAG = "latest";
+const REGISTRY_NPM = "https://registry.npmjs.org/";
+export const TAG_LATEST = "latest";
 
 /** Normalized and sanitized auth, publish, and runtime configurations. */
 export interface NormalizedOptions {
@@ -22,6 +22,8 @@ export interface NormalizedOptions {
   token: string;
   tag: ConfigValue<string>;
   access: ConfigValue<Access | undefined>;
+  provenance: ConfigValue<boolean>;
+  ignoreScripts: ConfigValue<boolean>;
   dryRun: ConfigValue<boolean>;
   strategy: ConfigValue<Strategy>;
   logger: Logger | undefined;
@@ -37,28 +39,32 @@ export interface ConfigValue<TValue> {
 /**
  * Normalizes and sanitizes options, and fills-in any default values.
  *
- * @param options User-input options.
  * @param manifest Package metadata from package.json.
+ * @param options User-input options.
  * @returns Validated auth and publish configuration.
  */
 export function normalizeOptions(
-  options: Options,
-  manifest: PackageManifest
+  manifest: PackageManifest,
+  options: Options
 ): NormalizedOptions {
-  const defaultTag = manifest.publishConfig?.tag ?? DEFAULT_TAG;
+  const defaultTag = manifest.publishConfig?.tag ?? TAG_LATEST;
 
-  const defaultRegistry = manifest.publishConfig?.registry ?? DEFAULT_REGISTRY;
+  const defaultRegistry = manifest.publishConfig?.registry ?? REGISTRY_NPM;
 
   const defaultAccess =
     manifest.publishConfig?.access ??
     (manifest.scope === undefined ? ACCESS_PUBLIC : undefined);
 
+  const defaultProvenance = manifest.publishConfig?.provenance ?? false;
+
   return {
     token: validateToken(options.token),
     registry: validateRegistry(options.registry ?? defaultRegistry),
     tag: setValue(options.tag, defaultTag, validateTag),
     access: setValue(options.access, defaultAccess, validateAccess),
-    dryRun: setValue(options.dryRun, false, validateDryRun),
+    provenance: setValue(options.provenance, defaultProvenance, Boolean),
+    ignoreScripts: setValue(options.ignoreScripts, true, Boolean),
+    dryRun: setValue(options.dryRun, false, Boolean),
     strategy: setValue(options.strategy, STRATEGY_ALL, validateStrategy),
     logger: options.logger,
     temporaryDirectory: options.temporaryDirectory ?? os.tmpdir(),
@@ -91,11 +97,11 @@ const validateRegistry = (value: unknown): URL => {
 };
 
 const validateTag = (value: unknown): string => {
-  return value as string;
-};
+  if (typeof value === "string" && value.length > 0) {
+    return value;
+  }
 
-const validateDryRun = (value: unknown): boolean => {
-  return value as boolean;
+  throw new errors.InvalidTagError(value);
 };
 
 const validateAccess = (value: unknown): Access | undefined => {