Skip to content

Fix prerelease detection by fetching packument #1745

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
yonran wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Fix prerelease detection by fetching packument #1745

yonran wants to merge 7 commits into from

Conversation

@yonran
Copy link

@yonran yonran commented Oct 25, 2025
edited
Loading

Fix fetching of prerelease packages so that changeset publish does not try to overwrite existing package.

Previously, changeset publish would fetch the package using npm info (aka npm view) and then if the package did not exist, do the npm publish.

However, when fetching prereleased packages, npm info filters out any published prerelease package since it calls semver.satisfies without the {includePrerelease: true} option (view.js).

Example reproduction:

yarn changeset pre enter PXP-2165-publish-to-github-packages
yarn changeset version
yarn changeset publish

yarn changeset publish

The second publish log contained:

🦋  warn Received 404 for npm info "@themaven-net/tempest-common"
🦋  info @themaven-net/tempest-common is being published because our local version (1.2.0-PXP-2165-publish-to-github-packages.5) has not been published on npm
🦋  info Publishing "@themaven-net/tempest-common" at "1.2.0-PXP-2165-publish-to-github-packages.5"
…
🦋  error npm notice Publishing to https://npm.pkg.github.com/ with tag PXP-2165-publish-to-github-packages and restricted access
🦋  error npm error code E409
🦋  error npm error 409 Conflict - PUT https://npm.pkg.github.com/@themaven-net%2ftempest-common - Cannot publish over existing version

Disclosure: the code is all generated by claude code (sonnet 4.5) except the first commit which was gpt-5-codex-medium. Take it with a grain of salt.

yonran and others added 2 commits October 25, 2025 10:27
@yonran
Fix prerelease detection by fetching packument
2448972
@yonran @claude
Use pacote with npm config for prerelease version detection
9e5d1e5 
Replaced npm-registry-fetch with pacote and @npmcli/config to properly
fetch package metadata including prerelease versions with authentication.

The previous implementation using npm-registry-fetch failed to authenticate
because it doesn't automatically read .npmrc files. The new implementation:
- Uses @npmcli/config to load npm configuration from .npmrc files
- Passes flatOptions (including auth tokens) to pacote
- Converts pacote's versions object to an array for compatibility

This mirrors how npm CLI's `view` command works internally, ensuring proper
authentication and access to all versions including prereleases.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@changeset-bot
Copy link

changeset-bot bot commented Oct 25, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 6a6ab1f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@changesets/cli Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@codecov
Copy link

codecov bot commented Oct 25, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 94.44444% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 81.67%. Comparing base (9657b26) to head (6a6ab1f).

Files with missing lines Patch % Lines
packages/cli/src/commands/publish/npm-utils.ts 94.44% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1745      +/-   ##
==========================================
+ Coverage   80.69%   81.67%   +0.98%     
==========================================
  Files          54       54              
  Lines        2264     2276      +12     
  Branches      684      687       +3     
==========================================
+ Hits         1827     1859      +32     
+ Misses        432      412      -20     
  Partials        5        5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

yonran and others added 5 commits October 25, 2025 16:37
@yonran @claude
Add TypeScript types for pacote and @npmcli/config
2b158fa 
- Add @types/pacote and @types/npmcli__config as devDependencies
- Create local type declaration for @npmcli/config/lib/definitions internal path
- Add explicit return type to infoAllow404 for better type inference

Fixes tsc, lint, and coverage checks.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@yonran @claude
Fix code formatting with Prettier
1c45cff 
Apply Prettier formatting to npm-utils.ts and npmcli-config-definitions.d.ts
to pass format checks.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@yonran
add changeset
b5a3d49
@yonran
fix typo
dff646a
@yonran @claude
Add comprehensive test coverage for npm-utils
6a6ab1f 
Add test cases for:
- Error handling with error codes (E500, etc.)
- Error handling without error codes (network errors)
- Mock @npmcli/config to avoid actual config loading in tests

Improves npm-utils.ts coverage from 25.74% to 28.71% and branch coverage
from 15.91% to 26.14%.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@yonran yonran marked this pull request as ready for review October 26, 2025 08:14
@Andarist
Copy link
Member

Andarist commented Oct 30, 2025

I can't repro the problem. npm view @changesets/cli --json returns prereleases just fine for me. In this run, I can also clearly see this output:

🦋  warn @changesets/apply-release-plan is not being published because version 8.0.0-next.1 is already published on npm
🦋  warn @changesets/assemble-release-plan is not being published because version 7.0.0-next.1 is already published on npm
🦋  warn @changesets/changelog-git is not being published because version 1.0.0-next.1 is already published on npm
🦋  warn @changesets/changelog-github is not being published because version 1.0.0-next.1 is already published on npm
🦋  warn @changesets/cli is not being published because version 3.0.0-next.1 is already published on npm
🦋  warn @changesets/config is not being published because version 4.0.0-next.1 is already published on npm
🦋  warn @changesets/errors is not being published because version 1.0.0-next.1 is already published on npm
🦋  warn @changesets/get-dependents-graph is not being published because version 3.0.0-next.1 is already published on npm
🦋  warn @changesets/get-github-info is not being published because version 1.0.0-next.1 is already published on npm
🦋  warn @changesets/get-release-plan is not being published because version 5.0.0-next.1 is already published on npm
🦋  warn @changesets/get-version-range-type is not being published because version 1.0.0-next.1 is already published on npm
🦋  warn @changesets/git is not being published because version 4.0.0-next.1 is already published on npm
🦋  warn @changesets/logger is not being published because version 1.0.0-next.1 is already published on npm
🦋  warn @changesets/parse is not being published because version 1.0.0-next.1 is already published on npm
🦋  warn @changesets/pre is not being published because version 3.0.0-next.1 is already published on npm
🦋  warn @changesets/read is not being published because version 1.0.0-next.1 is already published on npm
🦋  warn @changesets/should-skip-package is not being published because version 1.0.0-next.1 is already published on npm
🦋  warn @changesets/types is not being published because version 7.0.0-next.1 is already published on npm
🦋  warn @changesets/write is not being published because version 1.0.0-next.1 is already published on npm
🦋  info @changesets/release-utils is being published because our local version (1.0.0-next.1) has not been published on npm
🦋  info Publishing "@changesets/release-utils" at "1.0.0-next.1"

It indicates that Changesets was able to determine that those prerelease versions exist just fine and didn't try to republish them.

benmccann
benmccann suggested changes Oct 30, 2025
View reviewed changes
Copy link
Contributor

@benmccann benmccann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR adds almost 200 dependencies. It would be nice to do as much as possible without so many dependencies. E.g. using the built-in fetch where possible

56 dependencies: https://npmgraph.js.org/?q=@npmcli/config
124 dependencies: https://npmgraph.js.org/?q=pacote

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@benmccann benmccann benmccann requested changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@yonran @Andarist @benmccann