Publish a pack
Once a pack validates, publish it under a name to make it installable by
@scope/name instead of a raw
github:owner/repo@ref. See what the
registry is for the concept.
Publishing is never anonymous. You sign in with your GitHub account, and you can only publish
under your own GitHub name or a GitHub org you belong to. For example, only the
acme org's members can publish
@acme/security-review. No one can publish under your name.
1. Publish
baselane publish @acme/security-review --source github:acme/security-review-pack --ref v1.0.0
Resolves that tag, re-validates the pack it produces, and registers it under that name and version. On success it prints:
published @acme/security-review@1.0.0 (sha a1b2c3d)
2. Install it
baselane install @acme/security-review
With no @version, install resolves to the highest published semver version.
Shipped a fix? Tag v1.1.0 and publish again with the same command.
Every repo on 1.0.0 now shows as behind. See
creating and editing a pack for that loop.
Requirements
| Requirement | What happens if it's not met |
|---|---|
GITHUB_TOKEN | Required. Publish has no unauthenticated path. |
| Semver tag | --ref must be strict X.Y.Z (an optional v prefix is allowed); a branch name, sha, or arbitrary ref is rejected outright. |
| Matching namespace | @scope must match the authenticated GitHub user or org behind GITHUB_TOKEN, or the registry returns 403. |
| Unique version | Publishing the same name@version twice returns 409. Bump the tag instead. |