feat(publish): npm 包名 @opensec/secbot 与公开发布配置

Made-with: Cursor

Author: iammm0

.github/workflows/release.yml

@@ -1,4 +1,4 @@
-# 自动发布（以 2.0.0 为例）
+# 自动发布 npm 包 @opensec/secbot（以 2.0.0 / 标签 v2.0.0 为例）
 # 1. 确认根目录 package.json 的 version 与即将打的标签一致（如 2.0.0 对应标签 v2.0.0）。
 # 2. 在仓库 Settings → Secrets and variables → Actions 中配置 NPM_TOKEN（npm 侧「Access Token」，
 #    类型选 Automation，并具备该包的 publish 权限；若包名尚未占用，请先在 npm 网页注册）。
@@ -54,7 +54,7 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: secbot-npm-package
-          path: secbot-*.tgz
+          path: '*.tgz'
 
   upload-assets:
     name: GitHub Release assets

README.md

@@ -106,7 +106,7 @@ flowchart LR
 ### 方式一：从 npm 安装
 
 ```bash
-npm install -g secbot
+npm install -g @opensec/secbot
 secbot
 ```
 

README_EN.md

@@ -114,7 +114,7 @@ flowchart LR
 ### Option A: Install from npm
 
 ```bash
-npm install -g secbot
+npm install -g @opensec/secbot
 secbot
 ```
 

docs/RELEASE.md

@@ -14,11 +14,11 @@
 
 ```bash
 # 全局安装
-npm install -g secbot
+npm install -g @opensec/secbot
 secbot
 
 # 或通过 npx 直接运行
-npx secbot
+npx @opensec/secbot
 ```
 
 在首次启动前创建 `.env` 文件。最小示例：

package-lock.json

@@ -1,5 +1,5 @@
 {
-  "name": "secbot",
+  "name": "@opensec/secbot",
   "version": "2.0.0",
   "description": "Secbot pure TypeScript security automation backend and CLI.",
   "type": "commonjs",
@@ -54,6 +54,9 @@
     "type": "git",
     "url": "https://github.com/iammm0/secbot.git"
   },
+  "publishConfig": {
+    "access": "public"
+  },
   "license": "MIT",
   "dependencies": {
     "@nestjs/common": "^11.0.0",

package.json

@@ -1,15 +1,15 @@
-@echo off
-setlocal
-cd /d "%~dp0\.."
-
-echo Building Secbot npm release package...
-npm run release:pack
-if errorlevel 1 (
-  echo Release build failed.
-  exit /b 1
-)
-
-echo Release package created successfully.
-for %%f in (secbot-*.tgz) do echo   %%f
-endlocal
+@echo off
+setlocal
+cd /d "%~dp0\.."
+
+echo Building Secbot npm release package...
+npm run release:pack
+if errorlevel 1 (
+  echo Release build failed.
+  exit /b 1
+)
+
+echo Release package created successfully.
+for %%f in (*.tgz) do echo   %%f
+endlocal
 pause

scripts/build_release.bat

@@ -1,10 +1,10 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-cd "$(dirname "$0")/.."
-
-echo "Building Secbot npm release package..."
-npm run release:pack
-
-echo "Release package created successfully."
-ls -1 secbot-*.tgz 2>/dev/null || true
+#!/usr/bin/env bash
+set -euo pipefail
+
+cd "$(dirname "$0")/.."
+
+echo "Building Secbot npm release package..."
+npm run release:pack
+
+echo "Release package created successfully."
+ls -1 ./*.tgz 2>/dev/null || true

scripts/build_release.sh

@@ -13,6 +13,17 @@ const REPO_ROOT = path.resolve(__dirname, '..');
 const NPM_EXEC_PATH = process.env.npm_execpath || '';
 const VERIFY_PREFIX = '[release:verify]';
 
+function nodeModulesDirForPackageName(packageName) {
+  if (packageName.startsWith('@')) {
+    const [scope, name] = packageName.split('/');
+    if (!scope || !name) {
+      throw new Error(`Invalid scoped package name: ${packageName}`);
+    }
+    return path.join('node_modules', scope, name);
+  }
+  return path.join('node_modules', packageName);
+}
+
 function log(message) {
   // eslint-disable-next-line no-console
   console.log(`${VERIFY_PREFIX} ${message}`);
@@ -198,7 +209,11 @@ async function main() {
     await runNpm(['init', '-y'], { cwd: tempDir, stdio: 'ignore' });
     await runNpm(['install', tarballPath, '--silent'], { cwd: tempDir });
 
-    const installedPkgPath = path.join(tempDir, 'node_modules', 'secbot', 'package.json');
+    const rootPkg = parseJsonText(
+      await fsp.readFile(path.join(REPO_ROOT, 'package.json'), 'utf8'),
+      'Failed to read root package.json',
+    );
+    const installedPkgPath = path.join(tempDir, nodeModulesDirForPackageName(rootPkg.name), 'package.json');
     if (!fs.existsSync(installedPkgPath)) {
       throw new Error('Installed package.json not found');
     }