feat: initial release

.editorconfig

@@ -0,0 +1,10 @@
+; http://editorconfig.org
+
+root = true
+
+[*]
+indent_style = tab
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.gitattributes

@@ -0,0 +1 @@
+* text=auto eol=lf

.github/workflows/pull_request.yml

@@ -0,0 +1,29 @@
+name: Pull Request
+
+on:
+	pull_request:
+		branches:
+			- main
+
+permissions:
+	contents: read
+
+jobs:
+	test:
+		runs-on: ubuntu-latest
+		steps:
+			- name: Checkout
+				uses: actions/checkout@v4
+
+			- uses: actions/setup-node@v4
+				with:
+					node-version: 20
+
+			- name: Install dependencies
+				run: npm clean-install
+
+			- name: Lint
+				run: npm run lint
+
+			- name: Test
+				run: npm run test

.github/workflows/release.yml

@@ -0,0 +1,40 @@
+name: Release
+
+on:
+	push:
+		branches:
+			- main
+
+permissions:
+	contents: write # to be able to publish a GitHub release
+	issues: write # to be able to comment on released issues
+	pull-requests: write # to be able to comment on released pull requests
+	id-token: write # to enable use of OIDC for npm provenance
+
+jobs:
+	release:
+		name: Release
+		runs-on: ubuntu-latest
+		steps:
+			- name: Checkout
+				uses: actions/checkout@v4
+
+			- name: Setup Node.js
+				uses: actions/setup-node@v4
+				with:
+					node-version: 20
+
+			- name: Install dependencies
+				run: npm clean-install
+
+			- name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+				run: npm audit signatures
+
+			- name: Self-publint
+				run: npm run lint
+
+			- name: Release
+				run: npx semantic-release
+				env:
+					GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+					NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.gitignore

@@ -0,0 +1 @@
+node_modules/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 William Killerud
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,77 @@
+# Publint Semantic Release Plugin
+
+This is a plugin for [semantic-release] that runs [publint] as part of the [Verify Conditions step], to help you catch packaging errors before publishing.
+
+By default the plugin will log all lint messages, but only fail verification if there are messages at the `error` level. You can turn on `strict` mode, which treats any `warning` as errors as well.
+
+## Usage
+
+```sh
+npm install --save-dev semantic-release-publint
+```
+
+```js
+// release.config.mjs
+/**
+ * @type {Partial<import('semantic-release').GlobalConfig>}
+ */
+export default {
+	plugins: [
+		"@semantic-release/commit-analyzer",
+		"@semantic-release/release-notes-generator",
+		[
+			"@semantic-release/npm",
+			{
+				tarballDir: "release",
+			},
+		],
+		[
+			"semantic-release-publint",
+			{
+				strict: true, // optional, to treat warnings as errors
+			},
+		],
+		[
+			"@semantic-release/github",
+			{
+				assets: "release/*.tgz",
+			},
+		],
+	],
+	branches: ["main"],
+};
+```
+
+## Options
+
+The config is passed to [publint].
+
+```js
+{
+  /**
+   * Path to your package that contains a package.json file.
+   * Defaults to `process.cwd()`.
+   */
+  pkgDir: './path/to/package',
+  /**
+   * The level of messages to log (default: `'suggestion'`).
+   * - `suggestion`: logs all messages
+   * - `warning`: logs only `warning` and `error` messages
+   * - `error`: logs only `error` messages
+   */
+  level: 'warning',
+  /**
+   * Report warnings as errors (default: `false`)
+   */
+  strict: true
+}
+```
+
+## Rules
+
+See the [publint documentation] for an explanation of the different rules and messages.
+
+[semantic-release]: https://github.com/semantic-release
+[publint]: https://github.com/bluwy/publint
+[Verify Conditions step]: https://github.com/semantic-release/semantic-release?tab=readme-ov-file#release-steps
+[publint documentation]: https://publint.dev/rules

fixtures/missing-files/package.json

@@ -0,0 +1,8 @@
+{
+	"name": "missing-files",
+	"version": "1.0.0",
+	"private": true,
+	"type": "module",
+	"main": "./missing.js",
+	"types": "./missing.d.ts"
+}

fixtures/ok/index.js

@@ -0,0 +1,3 @@
+export function hello() {
+	console.log("Hello, World!");
+}

fixtures/ok/package.json

@@ -0,0 +1,7 @@
+{
+	"name": "ok",
+	"version": "1.0.0",
+	"private": true,
+	"type": "module",
+	"main": "./index.js"
+}

index.js

@@ -0,0 +1,99 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import c from "picocolors";
+import { publint } from "publint";
+import { formatMessage } from "publint/utils";
+
+let DEBUG = Boolean(process.env.DEBUG);
+
+/**
+ * @typedef {Omit<import('publint').Options, 'vfs'>} PublintPluginConfig
+ */
+
+/**
+ * @param {PublintPluginConfig} [pluginConfig={}]
+ * @param {{ logger: { log: (message: string ) => void } }} [context={ logger: console }]
+ */
+export async function verifyConditions(
+	pluginConfig = {},
+	context = { logger: console }
+) {
+	let { logger } = context;
+
+	if (DEBUG) {
+		logger.log(`Running publint with config ${JSON.stringify(pluginConfig)}`);
+	}
+
+	let packageDirectory = pluginConfig.pkgDir
+		? path.resolve(pluginConfig.pkgDir)
+		: process.cwd();
+	let packageJsonPath = path.join(packageDirectory, "package.json");
+
+	if (DEBUG) {
+		logger.log(`running publint on ${packageJsonPath}`);
+	}
+
+	let { messages } = await publint({
+		...pluginConfig,
+		pkgDir: packageDirectory,
+	});
+
+	if (DEBUG) {
+		logger.log(`publint completed`);
+	}
+
+	if (messages.length === 0) {
+		logger.log(`${c.green("✓ no issues")}`);
+	} else {
+		if (DEBUG) {
+			logger.log(`reading and parsing ${packageJsonPath} contents`);
+		}
+		const packageJsonContent = await fs.readFile(packageJsonPath, "utf8");
+		const packageJson = JSON.parse(packageJsonContent);
+		if (DEBUG) {
+			logger.log(`read and parsed`);
+		}
+
+		let suggestions = messages.filter((m) => m.type === "suggestion");
+		let warnings = messages.filter((m) => m.type === "warning");
+		let errors = messages.filter((m) => m.type === "error");
+
+		let shouldThrow =
+			errors.length > 0 || (pluginConfig.strict && warnings.length > 0);
+
+		if (suggestions.length > 0) {
+			let title = c.bold("Suggestions:");
+			logger.log(title);
+			for (let suggestion of suggestions) {
+				let message = `  ${formatMessage(suggestion, packageJson)}`;
+				if (message) logger.log(message);
+			}
+		}
+
+		if (warnings.length > 0) {
+			let title = c.bold(c.yellow("Warnings:"));
+			logger.log(title);
+			for (let warning of warnings) {
+				let message = `  ${formatMessage(warning, packageJson)}`;
+				if (message) logger.log(message);
+			}
+		}
+
+		if (errors.length > 0) {
+			let title = c.bold(c.red("Errors:"));
+			logger.log(title);
+			for (let error of errors) {
+				let message = `  ${formatMessage(error, packageJson)}`;
+				if (message) logger.log(message);
+			}
+		}
+
+		if (shouldThrow) {
+			let message = `publint reported ${errors.length} errors and ${warnings.length} warnings`;
+			if (DEBUG) {
+				logger.log(message + ", throwing");
+			}
+			throw new Error(message);
+		}
+	}
+}

index.test.js

@@ -0,0 +1,15 @@
+import assert from "node:assert";
+import test from "node:test";
+import { verifyConditions } from "./index.js";
+
+test("throws SemanticReleaseError on publint error", async () => {
+	await assert.rejects(async () => {
+		await verifyConditions({ pkgDir: "./fixtures/missing-files/" });
+	});
+});
+
+test("does not throw when publint reports no errors", async () => {
+	await assert.doesNotReject(async () => {
+		await verifyConditions({ pkgDir: "./fixtures/ok/" });
+	});
+});