feat(publish): make package installable from Gitea npm registry (WHYNOT-WP-0003 T02)
- package.json: private:false; real repository.url; publishConfig.registry →
coulomb Gitea npm; lit dependency → peerDependency (^3) + devDependency;
ship the ir/ consumer contract (files + ./ir/* export); add PUBLISHING.md to files.
- .npmrc: real @whynot scope registry + ${NPM_AUTH_TOKEN} ref (no secret committed).
- PUBLISHING.md: publish flow, token routing (operator/OpenBao — warden route is not
in this CLI), and consumer install.
- README: registry-install path + lit peer note. CHANGELOG: Added/Changed entries.
Config + packaging validated via `npm pack --dry-run` (ir/, tokens, CSS, PUBLISHING.md
included; .npmrc excluded). Actual `npm publish` + install-verify is gated on a Gitea
NPM_AUTH_TOKEN (operator-owned) and an explicit outward-publish go-ahead.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
11
.npmrc
11
.npmrc
@@ -1,5 +1,6 @@
|
||||
# When ready to publish to Gitea Packages, uncomment and set NPM_AUTH_TOKEN
|
||||
# in your shell or CI secrets.
|
||||
#
|
||||
# @whynot:registry=https://gitea.example.com/api/packages/whynot/npm/
|
||||
# //gitea.example.com/api/packages/whynot/npm/:_authToken=${NPM_AUTH_TOKEN}
|
||||
# @whynot/* is published to and installed from the coulomb Gitea npm registry.
|
||||
# The auth token is NOT stored here — set NPM_AUTH_TOKEN in your shell/CI.
|
||||
# It is operator/OpenBao-owned (credential-routing.md: tokens route, never vend);
|
||||
# obtain a Gitea package token from the operator. Publish flow: see PUBLISHING.md.
|
||||
@whynot:registry=https://gitea.coulomb.social/api/packages/coulomb/npm/
|
||||
//gitea.coulomb.social/api/packages/coulomb/npm/:_authToken=${NPM_AUTH_TOKEN}
|
||||
|
||||
Reference in New Issue
Block a user