Skip to content

Fix: add missing repository field to package.json files for npm provenance#23078

Merged
vraja-pro merged 1 commit intotrunkfrom
fix-publish-npm-package-workflow-add-repository-field-npm-provenance
Mar 16, 2026
Merged

Fix: add missing repository field to package.json files for npm provenance#23078
vraja-pro merged 1 commit intotrunkfrom
fix-publish-npm-package-workflow-add-repository-field-npm-provenance

Conversation

@vraja-pro
Copy link
Copy Markdown
Contributor

@vraja-pro vraja-pro commented Mar 16, 2026
edited
Loading

Context

When publishing npm packages with --provenance, npm registry verifies that the repository.url in package.json matches the GitHub repository URL recorded in the provenance statement. Several packages were missing the repository field entirely (treated as ""), causing a 422 error from the npm registry during publishing.

Summary

This PR can be summarized in the following changelog entry:

  • Adds missing repository field to package.json for packages that lacked it, fixing npm provenance verification during publishing.

Relevant technical choices:

  • Added the repository field with type, url, and directory to the seven package.json files that were missing it: tailwindcss-preset, ui-library, related-keyphrase-suggestions, dashboard-frontend, e2e-tests, jest-preset, and postcss-preset.

Test instructions

Test instructions for the acceptance test before the PR gets merged

This PR can be acceptance tested by following these steps:

  • Trigger the "Publish NPM Packages" workflow and verify it no longer fails with a 422 provenance error.

Relevant test scenarios

  • Changes should be tested with the browser console open
  • Changes should be tested on different posts/pages/taxonomies/custom post types/custom taxonomies
  • Changes should be tested on different editors (Default Block/Gutenberg/Classic/Elementor/other)
  • Changes should be tested on different browsers
  • Changes should be tested on multisite

Test instructions for QA when the code is in the RC

  • QA should use the same steps as above.

QA can test this PR by following these steps:

  • No user-facing changes. QA can verify the npm publish workflow runs successfully.

Impact check

This PR affects the following parts of the plugin, which may require extra testing:

  • npm publishing workflow only. No runtime plugin code is affected.

Other environments

  • This PR also affects Shopify. I have added a changelog entry starting with [shopify-seo], added test instructions for Shopify and attached the Shopify label to this PR.
  • This PR also affects Yoast SEO for Google Docs. I have added a changelog entry starting with [yoast-doc-extension], added test instructions for Yoast SEO for Google Docs and attached the Google Docs Add-on label to this PR.

Documentation

  • I have written documentation for this change. For example, comments in the Relevant technical choices, comments in the code, documentation on Confluence / shared Google Drive / Yoast developer portal, or other.

Quality assurance

  • I have tested this code to the best of my abilities.
  • During testing, I had activated all plugins that Yoast SEO provides integrations for.
  • I have added unit tests to verify the code works as intended.
  • If any part of the code is behind a feature flag, my test instructions also cover cases where the feature flag is switched off.
  • I have written this PR in accordance with my team's definition of done.
  • I have checked that the base branch is correctly set.
  • I have run grunt build:images and commited the results, if my PR introduces new images or SVGs.

Innovation

  • No innovation project is applicable for this PR.
  • This PR falls under an innovation project. I have attached the innovation label.
  • I have added my hours to the WBSO document.

Fixes Release NPM packages

@vraja-pro @claude
Fix: add missing repository field to package.json files for npm prove…
5a1fa42 
…nance

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@vraja-pro vraja-pro requested a review from a team as a code owner March 16, 2026 10:19
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 16, 2026

@vraja-pro Please be aware that following packages have been abandoned and are not actively maintained anymore:

Package name Path
@yoast/babel-preset packages/babel-preset
@yoast/components packages/components
@yoast/e2e-tests packages/e2e-tests
@yoast/helpers packages/helpers
@yoast/jest-preset packages/jest-preset
@yoast/style-guide packages/style-guide
eslint-config-yoast packages/esling-config-yoast

Please consider using the other packages instead.

@vraja-pro vraja-pro added the changelog: non-user-facing Needs to be included in the 'Non-userfacing' category in the changelog label Mar 16, 2026
@vraja-pro vraja-pro added this to the 27.3 milestone Mar 16, 2026
@vraja-pro vraja-pro merged commit 65e4382 into trunk Mar 16, 2026
22 of 25 checks passed
@vraja-pro vraja-pro deleted the fix-publish-npm-package-workflow-add-repository-field-npm-provenance branch March 16, 2026 10:33
@coveralls
Copy link
Copy Markdown

coveralls commented Mar 16, 2026

Pull Request Test Coverage Report for Build b89635a6939e8d28fe6d879cdcd20c8864e88ac5

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 53.469%
Totals Coverage Status
Change from base Build b3f161924f69c3ef26e8828fc295155fb9500f49: 0.0%
Covered Lines: 34321
Relevant Lines: 64490
💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

changelog: non-user-facing Needs to be included in the 'Non-userfacing' category in the changelog

Projects

None yet

Milestone

27.3

Development

Successfully merging this pull request may close these issues.

2 participants

@vraja-pro @coveralls