semantic-release-npm-github-publish 1.7.4 → 1.7.6

package/package.json

@@ -60,6 +60,7 @@
   "scripts": {
     "docs:index:check": "docs-index-keeper check",
     "docs:index:update": "docs-index-keeper update",
+    "pack:check": "npm pack --dry-run",
     "release:dry-run": "node ./scripts/release-dry-run.mjs",
     "test": "node --test",
     "test:config": "node -e \"const config = require('./release.config.js'); if (!Array.isArray(config.plugins) || config.plugins.length === 0) { throw new Error('release config did not load plugins'); }\"",
@@ -70,6 +71,6 @@
   "docsIndexKeeper": {
     "indexFile": "docs/README.md"
   },
-  "version": "1.7.4",
+  "version": "1.7.6",
   "snyk": true
 }

package/readme.md

@@ -1,5 +1,3 @@
-# semantic-release-npm-github-publish
-
 <p align="center">
   <a href="https://github.com/oleg-koval/semantic-release-npm-github-publish/actions/workflows/ci.yml" target="_blank">
     <img alt="CI" src="https://github.com/oleg-koval/semantic-release-npm-github-publish/actions/workflows/ci.yml/badge.svg?branch=main">
@@ -10,6 +8,9 @@
   <a href="https://github.com/oleg-koval/semantic-release-npm-github-publish/actions/workflows/codeql-analysis.yml" target="_blank">
     <img alt="CodeQL" src="https://github.com/oleg-koval/semantic-release-npm-github-publish/actions/workflows/codeql-analysis.yml/badge.svg?branch=main">
   </a>
+  <a href="https://scorecard.dev/viewer/?uri=github.com/oleg-koval/semantic-release-npm-github-publish" target="_blank">
+    <img alt="OpenSSF Scorecard" src="https://api.securityscorecards.dev/projects/github.com/oleg-koval/semantic-release-npm-github-publish/badge">
+  </a>
   <a href="https://www.npmjs.com/package/semantic-release-npm-github-publish" target="_blank">
     <img alt="npm" src="https://img.shields.io/npm/v/semantic-release-npm-github-publish.svg">
   </a>
@@ -17,55 +18,32 @@
     <img alt="npm downloads" src="https://img.shields.io/npm/dm/semantic-release-npm-github-publish.svg">
   </a>
   <a href="https://github.com/oleg-koval/semantic-release-npm-github-publish/blob/main/LICENSE" target="_blank">
-    <img alt="License: MIT" src="https://img.shields.io/badge/License-MIT-yellow.svg" />
+    <img alt="License: MIT" src="https://img.shields.io/badge/License-MIT-yellow.svg">
   </a>
 </p>
 
-> Opinionated `semantic-release` shareable configuration for npm + GitHub publishing with changelog generation and release commits.
+<p align="center">
+  <img src="./site/assets/icon.svg" width="120" height="120" alt="semantic-release-npm-github-publish icon">
+</p>
 
-Website: https://oleg-koval.github.io/semantic-release-npm-github-publish/
+<h1 align="center">semantic-release-npm-github-publish</h1>
 
-## About
+<p align="center">
+  Opinionated semantic-release shareable configuration for npm and GitHub publishing.<br>
+  <strong>One maintained preset for changelogs, npm releases, GitHub releases, and release commits.</strong>
+</p>
 
-This package is useful if you want one maintained preset instead of repeating the same `semantic-release` plugin composition in every repository.
+---
 
-It adds value beyond native plugin composition by shipping:
+## Features
 
+- standard `semantic-release` plugin chain for npm and GitHub publishing
 - extra patch release rules for `build`, `ci`, `chore`, `docs`, `refactor`, `style`, and `test`
 - curated changelog grouping, titles, and emojis via [`commit-transform.js`](./commit-transform.js) and [`types.js`](./types.js)
-- a fixed publish chain for npm + GitHub, including changelog updates and a release commit
-
-## Default Behavior
-
-The exported config uses this exact plugin chain:
-
-1. `@semantic-release/commit-analyzer`
-   with custom `releaseRules` for additional patch-triggering commit types
-2. `@semantic-release/release-notes-generator`
-3. `@semantic-release/changelog`
-4. `@semantic-release/npm`
-5. `@semantic-release/git`
-   commits `package.json`, `package-lock.json`, and `CHANGELOG.md`
-   with `release(version): Release ${nextRelease.version} [skip ci]`
-6. `@semantic-release/github`
-
-Release semantics match standard Conventional Commits and SemVer:
-
-- `fix` => patch
-- `feat` => minor
-- `BREAKING CHANGE` footer or `!` => major
-- `build`, `ci`, `chore`, `docs`, `refactor`, `style`, and `test` => patch in this preset
-
-## Compatibility
-
-This preset is actively maintained against the current stable `semantic-release` major.
+- repo-local stable and beta release channels without forcing branch policy on consumers
+- CI coverage for config loading, release semantics, changelog transforms, docs index integrity, and package contents
 
-- tested with Node `22` and `24`
-- publish workflow runs on Node `24`
-- peer dependency ranges are pinned to the currently supported plugin majors
-- this repository also validates a `beta` prerelease branch with a repo-only release config
-
-## Install
+## Installation
 
 Install `semantic-release`, this preset, and the peer plugins it expects:
 
@@ -93,14 +71,7 @@ Add a release script:
 
 Run `npx semantic-release` in your release workflow.
 
-For this repository itself, stable releases come from `main` and prereleases come from `beta` via `release.repo.config.js`. The exported shareable config remains branch-agnostic for consumers.
-
-## Usage
-
-<p>
-  <strong style="color:#b91c1c;">Migration notice:</strong>
-  this preset does not hardcode consumer release branches. `main` is the documented default, but if your repository still releases from `master` or another branch, set `branches` explicitly in your repo-local semantic-release config.
-</p>
+## Quick Start
 
 Example `.releaserc.yaml`:
 
@@ -126,6 +97,36 @@ dryRun: false
 debug: false
 ```
 
+## Default Behavior
+
+The exported config uses this plugin chain:
+
+1. `@semantic-release/commit-analyzer`
+   with custom `releaseRules` for additional patch-triggering commit types
+2. `@semantic-release/release-notes-generator`
+3. `@semantic-release/changelog`
+4. `@semantic-release/npm`
+5. `@semantic-release/git`
+   commits `package.json`, `package-lock.json`, and `CHANGELOG.md`
+   with `release(version): Release ${nextRelease.version} [skip ci]`
+6. `@semantic-release/github`
+
+Release semantics match standard Conventional Commits and SemVer:
+
+- `fix` => patch
+- `feat` => minor
+- `BREAKING CHANGE` footer or `!` => major
+- `build`, `ci`, `chore`, `docs`, `refactor`, `style`, and `test` => patch in this preset
+
+## Compatibility
+
+This preset is actively maintained against the current stable `semantic-release` major.
+
+- tested with Node `22` and `24`
+- publish workflow runs on Node `24`
+- peer dependency ranges are pinned to currently supported plugin majors
+- this repository validates a `beta` prerelease branch with a repo-only release config
+
 ## When To Use This Preset
 
 Use this package when you want:
@@ -135,23 +136,58 @@ Use this package when you want:
 - the opinionated changelog formatting in this repository
 - a maintained upgrade path for this preset over time
 
-Use repo-local plugin composition instead when your team wants different plugins, different release rules, or full control over upgrade timing.
+Use repo-local plugin composition when your team wants different plugins, different release rules, or full control over upgrade timing.
 
 ## Repository Maintenance Notes
 
-- Consumer-facing examples now use `main`.
+- Consumer-facing examples use `main`.
 - Repository automation publishes stable releases from `main` and prereleases from `beta`.
-- The repository default branch is `main`, and all badges and examples now follow that.
-- The shared preset does not hardcode release branches for consumers; set `branches` in your repo-local config when you do not release from `main`.
+- The shared preset does not hardcode release branches for consumers.
 - Dependabot PRs can auto-refresh `package-lock.json` through the dedicated lockfile-fixer workflow.
 - Dependabot npm patch updates can enable GitHub auto-merge after required checks pass.
-- The old README wording that inverted `fix` and `feat` was documentation drift. The actual release behavior has been corrected and is now covered by tests.
+
+## System Requirements
+
+- Node `^22.14.0 || >=24.10.0`
+- npm
+- GitHub Actions or another CI system capable of providing `GITHUB_TOKEN` and `NPM_TOKEN`
+
+## Documentation
+
+- [GitHub Pages site](https://oleg-koval.github.io/semantic-release-npm-github-publish/)
+- [Release channel notes](./docs/release-channels.md)
+- [Changelog](./CHANGELOG.md)
+
+## Project Status
+
+Maintained. The package is intentionally small and follows the current stable semantic-release/plugin majors declared in `package.json`.
+
+## Security Notes
+
+This package does not handle tokens directly, but release workflows that use it normally require npm and GitHub credentials. Keep release tokens in CI secrets and avoid printing release logs that include credentials.
+
+Report vulnerabilities through the repository security advisory flow documented in [`SECURITY.md`](./SECURITY.md).
+
+## Support
+
+Donations are intentionally not configured for this repository.
 
 ## Contributing
 
-Issues and pull requests are welcome.
+Issues and pull requests are welcome. See [`CONTRIBUTING.md`](./CONTRIBUTING.md).
+
+## License
 
-## Built With
+MIT. See [`LICENSE`](./LICENSE).
 
-- [GitHub Actions](https://github.com/features/actions)
-- [semantic-release](https://github.com/semantic-release/semantic-release)
+## Author
+
+[Oleg Koval](https://github.com/oleg-koval)
+
+<p align="center">
+  <a href="https://www.npmjs.com/package/semantic-release-npm-github-publish">npm</a>
+  ·
+  <a href="https://github.com/oleg-koval/semantic-release-npm-github-publish">GitHub</a>
+  ·
+  <a href="https://oleg-koval.github.io/semantic-release-npm-github-publish/">Website</a>
+</p>