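Ask HN: Is it time to stop putting version numbers in package.json?
I made a tool called `hipp` to eliminate 'chore: version bump' commits for npm packages, and I included simple content integrity as a bonus.
The idea is to keep the package.json version at 0.0.0, tag your release in git (e.g., v1.2.3), and publish.
HIPP rewrites the version on the fly and appends a signed manifest to the README with a disposable key.
Is there something I haven't thought of that makes this a bad idea? It simplifies my workflow and also provides a way to prove that what's in npm is the same as what's in git for that version. It also ensures that the person who published to npm is the same as the person who made the commit tied to that version.
No dependencies on anything other than git and npm.
TL;DR:
```
git tag v1.0.0
git push origin main --tags
npx @dk/hipp
npx @dk/hipp verify
```
https://www.npmjs.com/package/@dk/hipp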
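The flow the post describes, as an added example that is not hipp's code or taken from the post: the tag version is stamped over the 0.0.0 placeholder, a digest manifest of the stamped tree is signed with a throwaway Ed25519 key, and the published files are checked against it. The manifest layout, every function name, and the sample files are assumptions made for illustration.

```javascript
// Added illustration, not hipp's code: manifest layout and function names are assumptions.
const crypto = require('node:crypto');
// "v1.2.3" -> "1.2.3"; anything that is not a plain semver tag is rejected.
function versionFromTag(tag) {
  const m = /^v(\d+\.\d+\.\d+)$/.exec(tag);
  if (!m) throw new Error(`not a release tag: ${tag}`);
  return m[1];
}

// Copy the tree and replace the 0.0.0 placeholder in package.json with the tag version.
function stampVersion(files, version) {
  const pkg = { ...JSON.parse(files['package.json']), version };
  return { ...files, 'package.json': JSON.stringify(pkg, null, 2) + '\n' };
}

// Canonical manifest: version plus path-sorted SHA-256 digests.
function buildManifest(version, files) {
  const entries = Object.keys(files).sort().map((path) => ({
    path,
    sha256: crypto.createHash('sha256').update(files[path]).digest('hex'),
  }));
  return JSON.stringify({ version, files: entries });
}

// Sign with a throwaway Ed25519 key; the private half is never stored.
function signManifest(manifest) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const signature = crypto.sign(null, Buffer.from(manifest), privateKey).toString('base64');
  return { manifest, signature, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Check signature first, then version, then the published bytes against the manifest.
function verifyRelease(signed, tag, publishedFiles) {
  const key = crypto.createPublicKey(signed.publicKeyPem);
  const sigOk = crypto.verify(null, Buffer.from(signed.manifest), key, Buffer.from(signed.signature, 'base64'));
  if (!sigOk) return 'bad signature';
  const version = versionFromTag(tag);
  if (JSON.parse(signed.manifest).version !== version) return 'version mismatch';
  return buildManifest(version, publishedFiles) === signed.manifest ? 'ok' : 'content mismatch';
}

// Constructed sample tree standing in for the files at the tagged commit.
const gitFiles = {
  'package.json': '{ "name": "demo", "version": "0.0.0" }\n',
  'index.js': 'module.exports = 1;\n',
};
const published = stampVersion(gitFiles, versionFromTag('v1.2.3'));
const signed = signManifest(buildManifest('1.2.3', published));
console.log(verifyRelease(signed, 'v1.2.3', published));
```

In this sketch the public key travels with the manifest, so the signature check detects changes made after signing but says nothing about who signed; that depends on where the verifier obtains the key.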