chore: add publish-canary command

[ymc9]

Summary by CodeRabbit

• Chores
  • Added a new publishing script for canary releases, enabling the distribution of pre-release versions to testing and early-access users.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

Added a new publish-canary npm script to package.json that executes pnpm publish across all packages with a canary tag and the --no-git-checks flag.

Changes

Cohort / File(s)	Summary
npm scripts configuration package.json	Added publish-canary script to enable canary package publishing with --no-git-checks flag

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• chore: add publish/unpublish preview scripts #19: Adds publish-related npm scripts to package.json (publish-preview/unpublish-preview) similar to this canary publishing addition

Poem

🐰 A canary script hops in with glee,
Publishing packages wild and free,
No git checks to block the spree,
Version tags fly, hop-hop-hooray! 🚀

---

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 233b47d and 482acf0.

📒 Files selected for processing (1)

• package.json

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @ymc9's task —— View job

---

PR Review Complete ✅

I've reviewed the addition of the publish-canary command to the package.json scripts section. Here's my comprehensive analysis:

Todo List

• Read the package.json changes
• Analyze code quality and best practices
• Check for potential bugs or issues
• Review performance considerations
• Examine security concerns
• Assess test coverage needs
• Provide comprehensive feedback

Review Feedback

✅ Code Quality & Best Practices

The new script follows the existing patterns in the project:

• Consistent with other publishing scripts (publish-all, publish-preview)
• Uses the same pnpm workspace filtering pattern: --filter "./packages/**" -r
• Maintains the established script naming convention
• Properly placed alphabetically in the scripts section

✅ Command Analysis

The added command: pnpm --filter "./packages/**" -r publish --access public --tag canary --no-git-checks

Breakdown:

• --filter "./packages/**": Targets all packages in the packages directory (consistent with monorepo structure)
• -r: Recursive execution across workspaces
• --access public: Makes packages publicly available on npm
• --tag canary: Publishes with the "canary" tag instead of "latest" ✅
• --no-git-checks: Skips git validation checks ⚠️

⚠️ Potential Concerns

1. Git Safety: The --no-git-checks flag bypasses git validation, which could allow publishing from:

   • Uncommitted changes
   • Non-main branches without proper validation
   • Dirty working directories

   Recommendation: Consider if this is intentional for canary releases, or if some git validation should remain.

2. Missing Version Strategy: Canary releases typically need version bumping strategy. The command doesn't specify how versions should be handled for canary releases.

✅ Security Considerations

• Command is safe - uses standard npm publishing flags
• Access is appropriately set to public (consistent with existing scripts)
• No credential exposure or injection vulnerabilities

✅ Performance Considerations

• Efficient workspace targeting with pnpm filtering
• No performance concerns identified

📋 Test Coverage

No tests are needed for package.json script additions, but consider:

• Documenting the new command in project documentation
• Adding usage examples for when to use canary vs regular publishing

🔍 Comparison with Existing Scripts

• publish-all: Standard release to latest tag with git checks
• publish-canary: Pre-release to canary tag without git checks ← NEW
• publish-preview: Internal preview registry with force flag

The new script fills a legitimate gap for canary/pre-release publishing.

✅ Overall Assessment

This is a solid, straightforward addition that follows project conventions. The --no-git-checks flag is the main consideration point - it's likely intentional for canary workflows but worth confirming it aligns with your release process.

Recommendation: Approve - This change is ready to merge as-is, though you may want to document when to use publish-canary vs publish-all.

[Copilot]

Pull request overview

This PR adds a new npm script publish-canary to enable publishing canary versions of packages with the canary dist-tag, bypassing git checks. This is useful for testing pre-release versions without affecting the stable release channel.

Changes:

• Added publish-canary script to package.json that publishes all workspace packages with the canary tag and skips git checks

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.