package-registry
Documentation guidance for projects published to npm and PyPI package registries. Covers metadata fields that affect registry pages, README cross-renderer compatibility, trusted publishing, provenance badges, and audit checks. Use when a project has package.json or pyproject.toml and is published publicly.
Best use case
package-registry is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Documentation guidance for projects published to npm and PyPI package registries. Covers metadata fields that affect registry pages, README cross-renderer compatibility, trusted publishing, provenance badges, and audit checks. Use when a project has package.json or pyproject.toml and is published publicly.
Teams using package-registry should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/package-registry/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How package-registry Compares
| Feature / Agent | package-registry | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Documentation guidance for projects published to npm and PyPI package registries. Covers metadata fields that affect registry pages, README cross-renderer compatibility, trusted publishing, provenance badges, and audit checks. Use when a project has package.json or pyproject.toml and is published publicly.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Package Registry Documentation Guidance ## When This Applies These checks are **conditional** — only run when the project is published to a package registry. | File Present | Registry | Action | |-------------|----------|--------| | `package.json` | npm (npmjs.com) | Check npm metadata fields, badge templates | | `pyproject.toml` | PyPI (pypi.org) | Check PyPI metadata fields, Markdown compatibility | | Both | npm + PyPI | Check both; cross-renderer compatibility is critical | Detection: ```bash [ -f "package.json" ] && echo "npm project detected" [ -f "pyproject.toml" ] && echo "PyPI project detected" ``` ## npm Registry Metadata The README displayed on npmjs.com comes from the **published tarball**, not live from GitHub. Changes to your README on GitHub do not update the npm page until you publish a new version. See `SKILL-reference.md` for the full `package.json` field table and always-included files list. ## PyPI Registry Metadata See `SKILL-reference.md` for the full `pyproject.toml` field table, well-known URL labels, and PEP 639 SPDX licence guidance. ### Verified vs Unverified Details PyPI's sidebar splits project information into two sections: - **Verified details** (green checkmark): URLs verified through Trusted Publisher. GitHub statistics (stars, forks) only shown here. - **Unverified details**: URLs and metadata that cannot be automatically verified. Configuring a Trusted Publisher automatically verifies the repository URL. ## README Cross-Renderer Compatibility READMEs render on multiple platforms. What works on GitHub may break on npm or PyPI. | Markdown Feature | GitHub | npm | PyPI | Workaround | |-----------------|--------|-----|------|------------| | Heading anchors (`#section`) | Yes | Yes | **No** | Use full URLs to GitHub README | | Relative images (`./docs/img.png`) | Yes | **No** | **No** | Use absolute `raw.githubusercontent.com` URLs | | GitHub callouts (`[!NOTE]`) | Yes | **No** | **No** | Use bold text or blockquotes | | `<details>`/`<summary>` | Yes | Yes | **Unreliable** | Avoid for critical content | | `colspan`/`rowspan` in tables | Partial | Partial | **No** | Use simpler table structures | | `<div align="center">` | Yes | Yes | **No** | Acceptable loss; PyPI strips most HTML alignment | | Mermaid diagrams | Yes | **No** | **No** | Use pre-rendered SVG/PNG images | | Task lists (`- [ ]`) | Yes | Yes | **No** | Use bullet lists with emoji checkmarks | | Footnotes | Yes | **No** | **No** | Use inline parenthetical notes | ### Key Rules for Multi-Renderer READMEs 1. **Always use absolute URLs for images** — relative paths break on both npm and PyPI 2. **Avoid GitHub-specific callouts** (`[!NOTE]`, `[!WARNING]`) — plain text elsewhere 3. **Avoid heading anchor links** if PyPI rendering matters — broken on PyPI 4. **Avoid `<details>`/`<summary>`** for critical content — unreliable on PyPI 5. **Test before publishing**: `twine check dist/*` validates PyPI README rendering ### Solving GitHub vs PyPI Differences For Python projects needing optimised READMEs on both platforms, consider `hatch-fancy-pypi-readme`: - Assembles PyPI READMEs from fragments - Runs regex substitutions to transform GitHub-specific content - Converts relative links to absolute links ## Trusted Publishing and Provenance This section covers documentation-relevant aspects. The plugin does NOT create publish workflows (that's DevOps). ### npm Trusted Publishing - **OIDC trusted publishing went GA July 2025** — replaces long-lived tokens entirely - Classic tokens permanently revoked December 2025; granular tokens max 90 days - Publishing with `--provenance` flag adds a **Sigstore badge** on npmjs.com linking to the exact source commit and build workflow - Requires `id-token: write` permission in GitHub Actions - `repository.url` in package.json must exactly match the GitHub repo URL (case-sensitive) ### PyPI Trusted Publishing - **Trusted Publisher since April 2023** — first major registry to support OIDC - **Digital attestations (PEP 740) since November 2024** — Sigstore signing for package files - "Verified details" sidebar badge appears automatically when trusted publisher is configured - Repository URL in `[project.urls]` must match the GitHub repo for verification - `pypa/gh-action-pypi-publish` handles publishing when configured as a trusted publisher ### What to Audit (Not Configure) - Check if `repository.url` (npm) or `[project.urls].Repository` (PyPI) matches the actual GitHub repo URL - Flag opportunity to add provenance/attestation badges to README if not present - Link to trusted publishing setup docs in audit output ## Registry-Specific Badges See `SKILL-reference.md` for npm and PyPI badge templates and recommended badge order. ## Audit Checklist See `SKILL-reference.md` for the full npm and PyPI audit checklists.
Related Skills
pitchdocs
Generate marketing-quality repository documentation from codebase analysis. Scans 10 signal categories, extracts features with file-level evidence, and produces README, CHANGELOG, ROADMAP, and 15+ more docs. Zero runtime dependencies. For AI context file management, see ContextDocs.
visual-standards
Visual formatting standards for repository documentation — emoji heading prefixes, horizontal rules, TOC anchors, callouts, screenshots (device dimensions, HTML patterns, captions, shadows), and image optimisation. Load when generating READMEs with visual elements or working with screenshots.
user-guides
Generates task-oriented user guides and how-to documentation for a repository. Creates docs/guides/ with step-by-step instructions for common workflows, integrations, and advanced usage. Links guides into README.md and CONTRIBUTING.md. Use when a project needs user-facing how-to documentation beyond the README quickstart.
roadmap
Generates ROADMAP.md from project milestones, issues, and boards (GitHub, GitLab, or Bitbucket). Structures content with mission statement, current milestone progress, upcoming milestones, and community involvement section. Use when creating or updating a project roadmap.
public-readme
Generates READMEs with the Daytona/Banesullivan marketing framework — hero section, benefit-driven features, quickstart, comparison tables, and compelling CTAs. Produces docs that sell as well as they inform. Use when creating or overhauling a project README.
platform-profiles
Platform-specific equivalents for GitLab and Bitbucket when generating repository documentation. Lookup tables for file paths, badges, Markdown rendering, CI/CD, and CLI tools. Load this skill when working on non-GitHub repos or generating cross-platform docs.
pitchdocs-suite
One-command generation and audit of the full public repository documentation set — README, CHANGELOG, ROADMAP, CONTRIBUTING, CODE_OF_CONDUCT, SECURITY, issue templates, PR template, and discussion templates. Use when setting up a new repo or auditing an existing one.
llms-txt
Generates llms.txt and llms-full.txt files following the llmstxt.org specification. Provides LLM-friendly content curation for AI coding assistants (Cursor, Windsurf, Claude Code) and AI search engines. Use when generating or updating llms.txt for a repository.
launch-artifacts
Transforms README and CHANGELOG into platform-specific launch content — Dev.to articles, Hacker News posts, Reddit posts, Twitter/X threads, and awesome list submission PRs. Keeps promotion tethered to code artifacts, not generic marketing. Use when launching or announcing a project release.
geo-optimisation
Generative Engine Optimisation (GEO) patterns for documentation that surfaces correctly in AI-generated answers — citation capsules, crisp definitions, atomic sections, comparison tables, statistics, and semantic scaffolding. Load when optimising docs for AI citation (ChatGPT, Perplexity, Google AI Overviews, Claude).
feature-benefits
Systematic codebase scanning for features and evidence-based feature-to-benefit translation. Extracts what a project does from its code and translates it into what users gain — generates features and benefits sections, "Why [Project]?" content, and feature audit reports. Use when writing a features table for a README, extracting features from code, auditing feature coverage, or answering "why should someone use this project?".
docs-verify
Validates documentation quality and freshness — checks for broken links, stale content, llms.txt sync, image issues, heading hierarchy, and badge URLs. Runs locally or in CI. Use to catch documentation decay before it reaches users.