steipete/npm

npm registry ops: login, whoami, names, publish; 1Password tmux.

O que é npm?

npm is a Claude Code agent skill that npm registry ops: login, whoami, names, publish; 1Password tmux.

Funciona com~Claude Code~Codex CLI~Cursor
npx skills add https://github.com/steipete/agent-scripts/tree/main/skills/npm

Installed? Explore more Programação e Desenvolvimento skills: steipete/bluebubbles, steipete/eightctl, steipete/blucli · View all 6 →

Perguntar na sua IA favorita

Abre um novo chat com esta habilidade de agente já pré-carregada.

Documentação

O que npm faz?

Use for npm registry/account tasks: npm whoami, package availability, package reservation, publish, org checks, and auth debugging.

Auth

  • Use one-password first for secret rules.
  • Never run op directly in the shell tool.
  • Primary item: npm Registry - steipete - Release Automation in Molty.
  • Default to OP_SERVICE_ACCOUNT_TOKEN; no desktop unlock. The item carries the working registry session (registry_token) plus username/password/TOTP fallback.
  • Desktop npmjs fallback is explicit only: pass --account my.1password.com when Molty is unavailable and the user wants the fallback. Explicit release/publish requests are consent for its unlock prompt.
  • Stop and ask if the item is missing, the account/vault is ambiguous, credentials are malformed, npm denies package access, or the requested package/version does not match the repo release target.
  • Run npm auth work inside one persistent tmux session. Reuse it on failure.
  • Keep npm auth in a temp npmrc; delete it after the command.
  • All helpers share scripts/npm-auth.sh: stored registry_token session first, then scripts/npm-auth-login.mjs registry login with a fresh six-digit OTP; successful fallback sessions are cached back to the same item. Do not hand-roll field extraction, registry login, or cache writes.
  • Credential selection prefers canonical field id, then purpose, then a unique label; duplicate label-only matches are rejected (legacy npmjs may retain same-label fields).
  • For ad-hoc authenticated registry commands, use scripts/npm-service.sh -- <npm args...>; use publish-package.sh for a local package.
  • npm 11 prompt piping is brittle; avoid printf ... | npm login --auth-type=legacy.
  • Avoid expect for npm login unless necessary; logs can echo prompts and are easy to get wrong.
  • Prefer the helper's registry API login path (npm-profile loginCouch) for automation.
  • If auth shape is ambiguous or npm whoami fails, stop and ask for the exact field label / credential fix. Do not probe more 1Password items or start another tmux session.

Package Publishing

From the package root, inside the same auth tmux session:

/Users/steipete/Projects/agent-scripts/skills/npm/scripts/publish-package.sh

The helper verifies identity, refuses an existing package version, publishes with a fresh OTP, retries one expired OTP, verifies registry visibility, and cleans auth files.

Package Reservation

Use scripts/reserve-packages.sh from inside the same tmux session:

/Users/steipete/Projects/agent-scripts/skills/npm/scripts/reserve-packages.sh package-one package-two

What it does:

  • reads the Molty release-automation item once via op
  • reuses the stored registry session or creates one from username/password/TOTP
  • publishes 0.0.0 placeholder packages with a generic README
  • continues after per-package publish failures
  • redacts tokens/OTP in logs
  • cleans temp npmrc/work dirs

Notes:

  • npm may reject names as too similar to already-published names. Treat that as a registry policy result, not an auth failure.
  • npm CLI prompt piping is brittle on npm 11. Prefer the helper’s registry API login path over scripted npm login.
  • For scoped packages, npm view can lag/404 even when the package exists. Check npm access get status <pkg>; public or a publish failure saying previously published versions means the name is reserved.

Individual skills in this repo

This repo contains 20 individual skills — each has its own dedicated page.

steipete/agent-transcript

GitHub PR/issue agent transcripts: redact, preview, and insert safely.

steipete/beeper

Beeper cache: contact hints, room lookup, WhatsApp/iMessage traces, FTS.

steipete/browser-use

Existing Chrome automation: Chrome plugin first, mcporter fallback.

steipete/clawsweeper-status

ClawSweeper status: URLs, workflow health, active workers, ops snapshot.

steipete/clickclack

ClickClack ops: chat app, Hetzner deploy, DNS/docs/app, Docker rollout.

steipete/cloudflare-registrar

Cloudflare Registrar: domain availability, prices, registration via mcporter.

steipete/codex-debugging

Codex debugging: codex-rs core/tui/exec/cli/app-server/config.

steipete/create-cli

CLI UX/spec: args, flags, help, output, errors, config, dry-run.

steipete/discord-clawd

Discord-backed OpenClaw agent/session relay; not archive search.

steipete/domain-dns-ops

DNS/domain ops: registrars, zones, redirects, DNS/HTTP verify, manager truth.

steipete/frontend-design

Frontend UI: pages, apps, components, polished non-generic design.

steipete/github-author-context

GitHub contributor context: identity, activity, trust, company/team signal.

steipete/github-cache-hygiene

GitHub quota/cache hygiene: gh, ghx, xcache, gitcrawl, mirrors, limits.

steipete/github-deep-review

GitHub deep review: bugs, PRs, best fix, stale-or-real, read code first.

steipete/github-project-triage

GitHub issue/PR triage: queues, CI, blockers, risk, proof, next actions.

steipete/hopper-debugger

Hopper debugging: macOS/iOS binaries, ObjC/Swift symbols, dyld, LLDB.

steipete/instruments-profiling

Instruments/xctrace profiling: macOS/iOS traces, binaries, args, exports.

steipete/mac-maintenance

Mac upkeep: brew update/upgrade, pull clean repos, empty Trash.

steipete/maintainer-orchestrator

Open-source maintainer orchestration: Codex app workers, work recovery, dependencies, vision, releases.

steipete/markdown-converter

Markdown conversion: PDF, Office, HTML, data, OCR, audio, ZIP, YouTube.

Habilidades Relacionadas