CLI (npm, Homebrew, macOS)
The CLI target builds a Node-based command-line tool. Because it is a normal npm package (with a bin), the most common way to ship it is npm, so users can npm install -g. The release workflow can also attach the built tarball to the GitHub Release and update a Homebrew tap. See the CLI configuration for options.
These three registry keys are independent, and you can enable any combination:
| Key | What it does | Auth |
|---|---|---|
npm |
Publishes the package to npm for npm install -g. |
OIDC (default) or token |
macos |
Attaches the built tarball to the GitHub Release. | none (uses GITHUB_TOKEN) |
homebrew |
Regenerates a Homebrew formula in a tap repo (it installs the npm tarball). | HOMEBREW_TAP_TOKEN |
Enable publishing
{
"targets": {
"cli": {
"binaryName": "acme",
"publish": {
"npm": true,
"homebrew": { "tapRepo": "acme/homebrew-tap" }
}
}
}
}
Publish to npm
The generated CLI is published to npm the same way as the TypeScript SDK: OIDC trusted publishing by default, with an npm token as the fallback. Authenticate one of two ways.
Trusted publishing (OIDC), recommended. On npmjs.com, open the package and add a Trusted Publisher → GitHub Actions pointing at your linked repository and the workflow sdk-release.yml. Nothing is stored in your repo.
{ "targets": { "cli": { "publish": { "npm": true } } } }
npm token. Create a Granular Access or Automation token on npmjs.com, add it as a repository secret named NPM_TOKEN (see Adding repository secrets), and switch the target to token auth:
{
"targets": {
"cli": {
"publish": { "npm": { "authMethod": "access-token" } }
}
}
}
The npm publish step is idempotent (skips a version already on the registry) and publishes scoped packages with --access public.
Homebrew
Homebrew installs the tarball attached to the GitHub Release, so enabling it also attaches the asset.
Create a tap repository
Create a repository named homebrew-<name> under your org (for example acme/homebrew-tap). Point tapRepo at it. If you omit tapRepo, Scalar uses the conventional <your-repo>-homebrew sibling.
Create a token for the tap
Create a GitHub token with write access to the tap repository: a fine-grained token scoped to the tap with Contents: read and write, or a classic token with the repo scope.
Add it to the SDK repository
Add the token as a repository secret named HOMEBREW_TAP_TOKEN on the SDK repository (not the tap). See Adding repository secrets.
macOS
Set macos to attach the built tarball to the GitHub Release without a Homebrew formula. It uses the built-in GITHUB_TOKEN, so no secret is needed.
{ "targets": { "cli": { "publish": { "macos": true } } } }
How consumers install it
# npm
npm install -g acme
# Homebrew
brew install acme/tap/acme
Notes
- The CLI release workflow is the only one that requests
contents: write, because it can upload release assets. - The Homebrew formula is rewritten in full each release, so it works on the first publish and is a no-op when nothing changed. The release upload uses
--clobber, so re-runs are idempotent.