Skip to content

fix: tolerate already-published npm packages in release workflow#61

Open
Wenxin-Jiang wants to merge 1 commit intomainfrom
fix/npm-publish-idempotent
Open

fix: tolerate already-published npm packages in release workflow#61
Wenxin-Jiang wants to merge 1 commit intomainfrom
fix/npm-publish-idempotent

Conversation

@Wenxin-Jiang
Copy link
Copy Markdown
Contributor

@Wenxin-Jiang Wenxin-Jiang commented Apr 8, 2026

Summary

  • Makes the npm publish loop idempotent — if a platform package is already published, it skips instead of failing
  • Same treatment for the main @socketsecurity/socket-patch package
  • Fixes the issue where a partial release failure (e.g. v2.1.3 where some packages published before the Sigstore 409) makes re-running the workflow impossible

Context

The v2.1.3 release partially published some npm platform packages before failing on socket-patch-linux-x64-musl (Sigstore transparency log conflict). Re-running the workflow then fails immediately on the first already-published package because set -e aborts the script.

Test plan

  • Merge and re-trigger the Release workflow for v2.1.3
  • Verify already-published packages are skipped and remaining ones publish successfully

🤖 Generated with Claude Code

@Wenxin-Jiang @claude
fix: tolerate already-published npm packages in release workflow
a87e11d 
When a release run partially succeeds (some platform packages publish
but a later one fails), re-running the workflow would fail immediately
on the first already-published package. Now checks if the version is
already on the registry and skips it instead of failing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Wenxin-Jiang