Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

Loslegen

npm

Sterne5.143

Forks435

Aktualisiert23. Mai 2026 um 08:13

npm registry ops: login, whoami, names, publish; 1Password tmux.

Installation

Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.

In Manus ausführen

Quelle

steipete

steipete/agent-scripts

GitHub-Repository öffnen Creator-Repositorys ansehen

Download

In Manus ausführen

Verwandte BerufeSOC

Basierend auf der SOC-Berufsklassifikation

SoftwareentwicklerInformatik- und Mathematikberufe·SOC 15-1252

Datei-Explorer

2 Dateien

SKILL.md

readonly

name	npm
description	npm registry ops: login, whoami, names, publish; 1Password tmux.
metadata	{"clawdbot":{"emoji":"📦","requires":{"bins":["npm","node","tmux","op","jq"]}}}

npm

Use for npm registry/account tasks: npm whoami, package availability, package reservation, publish, org checks, and auth debugging.

Auth

Use one-password first for secret rules.
Never run op directly in the shell tool.
Known npm 1Password item: npmjs on my.1password.com.
The item may contain username/password/TOTP, not a stored npm token. That is fine.
Explicit user requests to release, publish, or npm publish are consent to complete npm auth, including a desktop 1Password sign-in/unlock prompt for the known npmjs item when service-account access cannot read it. Do not stop to ask for separate permission just because the npm auth prompt is expected.
Still stop and ask if the npmjs item is missing, the account/vault is ambiguous, credentials are malformed, npm denies package access, or the requested package/version does not match the repo release target.
Run npm auth work inside one persistent tmux session. Reuse it on failure.
Keep npm auth in a temp npmrc; delete it after the command.
If hand-rolling, read npmjs once, keep secrets in shell variables, require a six-digit op item get npmjs --account my.1password.com --otp, write a temp npmrc, run all npm commands with NPM_CONFIG_USERCONFIG, then delete the npmrc and unset variables.
npm 11 prompt piping is brittle; avoid printf ... | npm login --auth-type=legacy.
Avoid expect for npm login unless necessary; logs can echo prompts and are easy to get wrong.
Prefer the helper's registry API login path (npm-profile loginCouch) for automation.
If auth shape is ambiguous or npm whoami fails, stop and ask for the exact field label / credential fix. Do not probe more 1Password items or start another tmux session.

Package Reservation

Use scripts/reserve-packages.sh from inside the same tmux session:

/Users/steipete/Projects/agent-scripts/skills/npm/scripts/reserve-packages.sh package-one package-two

What it does:

reads npmjs once via op
creates an npm registry session from username/password/TOTP
publishes 0.0.0 placeholder packages with a generic README
continues after per-package publish failures
redacts tokens/OTP in logs
cleans temp npmrc/work dirs

Notes:

npm may reject names as too similar to already-published names. Treat that as a registry policy result, not an auth failure.
npm CLI prompt piping is brittle on npm 11. Prefer the helper’s registry API login path over scripted npm login.
For scoped packages, npm view can lag/404 even when the package exists. Check npm access get status <pkg>; public or a publish failure saying previously published versions means the name is reserved.

Mehr aus diesem Repository

gleiches Repository

maintainer-orchestrator

steipete/agent-scripts

Delegated maintainer ops: decision-ready PRs, worker monitoring, queue cleanup, releases.

2026-06-225.1k

clawsweeper-status

steipete/agent-scripts

ClawSweeper status: URLs, workflow health, active workers, ops snapshot.

2026-06-195.1k

release-mac-app

steipete/agent-scripts

macOS app release: Sparkle, notarization, GitHub Release, Homebrew, closeout.

2026-06-165.1k

agent-transcript

steipete/agent-scripts

GitHub PR/issue agent transcripts: redact, preview, and insert safely.

2026-06-145.1k

github-project-triage

steipete/agent-scripts

GitHub issue/PR triage: queues, CI, blockers, risk, proof, next actions.

2026-06-145.1k

skill-cleaner

steipete/agent-scripts

Codex/OpenClaw skill audit: live budget, usage, duplicates, compact descriptions.

2026-06-145.1k

npm

Use for npm registry/account tasks: npm whoami, package availability, package reservation, publish, org checks, and auth debugging.

Auth

Use one-password first for secret rules.

Never run op directly in the shell tool.

Known npm 1Password item: npmjs on my.1password.com.

The item may contain username/password/TOTP, not a stored npm token. That is fine.

Explicit user requests to release, publish, or npm publish are consent to complete npm auth, including a desktop 1Password sign-in/unlock prompt for the known npmjs item when service-account access cannot read it. Do not stop to ask for separate permission just because the npm auth prompt is expected.

Still stop and ask if the npmjs item is missing, the account/vault is ambiguous, credentials are malformed, npm denies package access, or the requested package/version does not match the repo release target.

Run npm auth work inside one persistent tmux session. Reuse it on failure.

Keep npm auth in a temp npmrc; delete it after the command.

If hand-rolling, read npmjs once, keep secrets in shell variables, require a six-digit op item get npmjs --account my.1password.com --otp, write a temp npmrc, run all npm commands with NPM_CONFIG_USERCONFIG, then delete the npmrc and unset variables.

npm 11 prompt piping is brittle; avoid printf ... | npm login --auth-type=legacy.

Avoid expect for npm login unless necessary; logs can echo prompts and are easy to get wrong.

Prefer the helper's registry API login path (npm-profile loginCouch) for automation.

If auth shape is ambiguous or npm whoami fails, stop and ask for the exact field label / credential fix. Do not probe more 1Password items or start another tmux session.

Package Reservation

Use scripts/reserve-packages.sh from inside the same tmux session:

/Users/steipete/Projects/agent-scripts/skills/npm/scripts/reserve-packages.sh package-one package-two

What it does:

reads npmjs once via op

creates an npm registry session from username/password/TOTP

publishes 0.0.0 placeholder packages with a generic README

continues after per-package publish failures

redacts tokens/OTP in logs

cleans temp npmrc/work dirs

Notes:

npm may reject names as too similar to already-published names. Treat that as a registry policy result, not an auth failure.

npm CLI prompt piping is brittle on npm 11. Prefer the helper’s registry API login path over scripted npm login.

For scoped packages, npm view can lag/404 even when the package exists. Check npm access get status <pkg>; public or a publish failure saying previously published versions means the name is reserved.