launchdarkly · joker23 · Mar 24, 2026 · Mar 23, 2026 · Mar 23, 2026 · Mar 24, 2026
@@ -35,18 +35,19 @@ designed to:
 > the npm package on npmjs in order to establish the trust.
 > See [this discussion](https://github.com/orgs/community/discussions/127011)
 
-1. Set the `package.json` version to `0.0.0`
-2. Login to npm `npm login`
-3. Publish the placeholder `npm publish --tag snapshot`
-   > NOTE: we set a manual tag here so that this package version
-   > does not map to `latest`
-4. Logout of npm `npm logout`
-
-After completing these steps, you should follow
+Run the placeholder publish script:
+```
+./scripts/publish-placeholder-package.sh packages/type/my-package
+```
+> The script handles `npm login`/`npm logout` internally and publishes an empty
+> `0.0.0` package under the `snapshot` tag so it does not become `latest`.
+
+After completing this step, follow
 [this doc](https://docs.npmjs.com/trusted-publishers#configuring-trusted-publishing)
-to configure trusted publishing on the new NPM package.
+to configure trusted publishing on the new NPM package, then mark the package public.
 
-After everything is set up, you can then mark the package public.
+> HINT: you will need to enable the `release-please.yml` workflow for
+> the repo called `js-core` in the `launchdarkly` org.
 
 ### Step 1. Extend `release-please-config.json`
 
@@ -120,4 +121,4 @@ jobs:
 > you should test your configuration on [your local machine](../.github/CI_CONTRIBUTING.md) if
 > possible.
 
-<!-- TODO document the stable release phase --->
+<!-- TODO document the stable release phase --->
@@ -0,0 +1,64 @@
+#!/bin/bash
+# Publishes a placeholder package to npmjs so that OIDC trusted publishing
+# can be configured. See contributing/publishing.md for details.
+#
+# Usage:
+#   ./scripts/publish-placeholder-package.sh packages/type/my-package
+
+set -e
+
+if [ -z "$1" ]; then
+  echo "Usage: $0 <workspace-path>"
+  echo "Example: $0 packages/sdk/react"
+  exit 1
+fi
+
+WORKSPACE_PATH="$1"
+
+if [ ! -f "$WORKSPACE_PATH/package.json" ]; then
+  echo "Error: $WORKSPACE_PATH/package.json not found"
+  exit 1
+fi
+
+PACKAGE_NAME=$(node -p "require('./$WORKSPACE_PATH/package.json').name")
+echo "Publishing placeholder for: $PACKAGE_NAME"
+
+# We must ensure that we are not publishing a placeholder to a package that already
+# exists on npm.
+if npm view "$PACKAGE_NAME" --json &>/dev/null; then
+  echo "Package $PACKAGE_NAME already exists on npm. Skipping placeholder publish."
+  exit 0
+fi
+
+TEMP_DIR=$(mktemp -d)
+
+cleanup() {
+  echo "Cleaning up temp directory..."
+  rm -rf "$TEMP_DIR"
+  echo "Logging out of npm..."
+  npm logout 2>/dev/null || true
+}
+trap cleanup EXIT
+
+echo "Logging in to npm..."
+npm login
+
+cat > "$TEMP_DIR/package.json" <<EOF
+{
+  "name": "$PACKAGE_NAME",
+  "version": "0.0.0",
+  "description": ""
+}
+EOF
+
+echo "Publishing $PACKAGE_NAME@0.0.0 with tag 'snapshot'..."
+npm publish --tag snapshot --access public "$TEMP_DIR"
+
+echo ""
+echo "Successfully published $PACKAGE_NAME@0.0.0"
+echo ""
+echo "Next steps:"
+echo "  1. Configure trusted publishing on npmjs:"
+echo "     https://docs.npmjs.com/trusted-publishers#configuring-trusted-publishing"
+echo "  2. Mark the package as public on npmjs"
+echo "  3. Continue with Step 1 in contributing/publishing.md"