deploy-npmlisted

Release a Changesets + GitHub Actions + npm OIDC (trusted publisher) monorepo end-to-end. Use when asked to "release", "publish to npm", "ship a new version", "cut a release", "update the changelog and publish", or any package name + release verb.
kensaurus/cursor-kenji · ★ 4 · Web & Frontend · score 80

Install: claude install-skill kensaurus/cursor-kenji

# deploy-npm — Full release workflow This skill captures the **exact** workflow used to ship `mushi-mushi` v0.7.3 on 2026-05-27. It is opinionated for repos that use: - `pnpm` + `turbo` monorepo - `@changesets/cli` + `@changesets/action` for versioning and changelog generation - A GitHub Actions workflow named `Release` (`.github/workflows/release.yml`) that runs `changeset version` + `changeset publish` on push to `master` - npm Trusted Publisher (OIDC) with provenance — no long-lived `NPM_TOKEN` - `step-security/harden-runner` blocking some runner writes (notably git tag refs) Adapt the package / branch / workflow names if the target repo differs, but keep the **phase order** — every phase blocks on the previous one. --- ## Quick Start Copy this checklist into the conversation and tick boxes as you go: ``` Release progress: - [ ] Phase 0: Discover repo state (branch, open PRs, pending changesets) - [ ] Phase 1: Author / verify the changeset - [ ] Phase 2: Green the feature PR - [ ] Phase 3: Merge feature PR to master - [ ] Phase 4: Wait for & green the changesets Version PR - [ ] Phase 5: Merge Version PR → trigger publish - [ ] Phase 6: Handle github-actions[bot] anti-loop if push trigger didn't fire - [ ] Phase 7: Verify on npm (npm view) and on GitHub Releases - [ ] Phase 8: Create per-package GitHub Release notes if harden-runner blocked tags ``` --- ## Phase 0 — Discover repo state Before doing anything destructive, understand what's open: ```bash cd <repo-r