Runtime
Bundler
Package Manager
Test Runner
Guides
Reference
BlogInstall Bun
Package Manager Publishing & Analysis

bun publish

Use `bun publish` to publish a package to the npm registry

bun publish will automatically pack your package into a tarball, strip catalog and workspace protocols from the package.json (resolving versions if necessary), and publish to the registry specified in your configuration files. Both bunfig.toml and .npmrc files are supported.

terminal
## Publishing the package from the current working directory
$ bun publish

## Output
bun publish v1.3.5 (ca7428e9)

packed 203B package.json
packed 224B README.md
packed 30B index.ts
packed 0.64KB tsconfig.json

Total files: 4
Shasum: 79e2b4377b63f4de38dc7ea6e5e9dbee08311a69
Integrity: sha512-6QSNlDdSwyG/+[...]X6wXHriDWr6fA==
Unpacked size: 1.1KB
Packed size: 0.76KB
Tag: latest
Access: default
Registry: http://localhost:4873/

 + publish-1@1.0.0

Alternatively, you can pack and publish your package separately by using bun pm pack followed by bun publish with the path to the output tarball.

terminal
$ bun pm pack
...
$ bun publish ./package.tgz

bun publish will not run lifecycle scripts (prepublishOnly/prepack/prepare/postpack/publish/postpublish) if a tarball path is provided. Scripts will only be run if the package is packed by bun publish.

--access

The --access flag can be used to set the access level of the package being published. The access level can be one of public or restricted. Unscoped packages are always public, and attempting to publish an unscoped package with --access restricted will result in an error.

terminal
$ bun publish --access public

--access can also be set in the publishConfig field of your package.json.

package.json
{
  "publishConfig": {
    "access": "restricted"
  }
}

--tag

Set the tag of the package version being published. By default, the tag is latest. The initial version of a package is always given the latest tag in addition to the specified tag.

terminal
$ bun publish --tag alpha

--tag can also be set in the publishConfig field of your package.json.

package.json
{
  "publishConfig": {
    "tag": "next"
  }
}

--dry-run

The --dry-run flag can be used to simulate the publish process without actually publishing the package. This is useful for verifying the contents of the published package without actually publishing the package.

terminal
$ bun publish --dry-run

--tolerate-republish

Exit with code 0 instead of 1 if the package version already exists. Useful in CI/CD where jobs may be re-run.

terminal
$ bun publish --tolerate-republish

--gzip-level

Specify the level of gzip compression to use when packing the package. Only applies to bun publish without a tarball path argument. Values range from 0 to 9 (default is 9).

--auth-type

If you have 2FA enabled for your npm account, bun publish will prompt you for a one-time password. This can be done through a browser or the CLI. The --auth-type flag can be used to tell the npm registry which method you prefer. The possible values are web and legacy, with web being the default.

terminal
$ bun publish --auth-type legacy
...
This operation requires a one-time password.
Enter OTP: 123456
...

--otp

Provide a one-time password directly to the CLI. If the password is valid, this will skip the extra prompt for a one-time password before publishing. Example usage:

terminal
$ bun publish --otp 123456

bun publish respects the NPM_CONFIG_TOKEN environment variable which can be used when publishing in github actions or automated workflows.

CLI Usage

terminal
$ bun publish dist

Publishing Options

--access
string

The --access flag can be used to set the access level of the package being published. The access level can be one of public or restricted. Unscoped packages are always public, and attempting to publish an unscoped package with --access restricted will result in an error.

$ bun publish --access public

--access can also be set in the publishConfig field of your package.json.

package.json
{
	"publishConfig": {
		"access": "restricted"
	}
}
--tag
stringdefault: latest

Set the tag of the package version being published. By default, the tag is latest. The initial version of a package is always given the latest tag in addition to the specified tag.

$ bun publish --tag alpha

--tag can also be set in the publishConfig field of your package.json.

package.json
{
	"publishConfig": {
		"tag": "next"
	}
}
--dry-run=<val>
string

The --dry-run flag can be used to simulate the publish process without actually publishing the package. This is useful for verifying the contents of the published package without actually publishing the package.

$ bun publish --dry-run
--gzip-level
stringdefault: 9

Specify the level of gzip compression to use when packing the package. Only applies to bun publish without a tarball path argument. Values range from 0 to 9 (default is 9).

--auth-type
stringdefault: web

If you have 2FA enabled for your npm account, bun publish will prompt you for a one-time password. This can be done through a browser or the CLI. The --auth-type flag can be used to tell the npm registry which method you prefer. The possible values are web and legacy, with web being the default.

$ bun publish --auth-type legacy
...
This operation requires a one-time password.
Enter OTP: 123456
...
--otp
stringdefault: web

Provide a one-time password directly to the CLI. If the password is valid, this will skip the extra prompt for a one-time password before publishing. Example usage:

$ bun publish --otp 123456

bun publish respects the NPM_CONFIG_TOKEN environment variable which can be used when publishing in github actions or automated workflows.

Registry Configuration

Custom Registry

--registry
string

Specify registry URL, overriding .npmrc and bunfig.toml

$ bun publish --registry https://my-private-registry.com

SSL Certificates

--ca
string

Provide Certificate Authority signing certificate

--cafile
string

Path to Certificate Authority certificate file

$ bun publish --ca "-----BEGIN CERTIFICATE-----..."

Publishing Options

Dependency Management

-p, --production
boolean

Don't install devDependencies

--omit
string

Exclude dependency types: dev, optional, or peer

-f, --force
boolean

Always request the latest versions from the registry & reinstall all dependencies

Script Control

--ignore-scripts
boolean

Skip lifecycle scripts during packing and publishing

--trust
boolean

Add packages to trustedDependencies and run their scripts

Lifecycle Scripts — When providing a pre-built tarball, lifecycle scripts (prepublishOnly, prepack, etc.) are not executed. Scripts only run when Bun packs the package itself.

File Management

--no-save
boolean

Don't update package.json or lockfile

--frozen-lockfile
boolean

Disallow changes to lockfile

--yarn
boolean

Generate yarn.lock file (yarn v1 compatible)

Performance

--backend
string

Platform optimizations: clonefile (default), hardlink, symlink, or copyfile

--network-concurrency
numberdefault: 48

Maximum concurrent network requests

--concurrent-scripts
numberdefault: 5

Maximum concurrent lifecycle scripts

Output Control

--silent
boolean

Suppress all output

--verbose
boolean

Show detailed logging

--no-progress
boolean

Hide progress bar

--no-summary
boolean

Don't print publish summary

bunx

Run packages from npm

bun outdated

Check for outdated dependencies

On this page

--access
--tag
--dry-run
--tolerate-republish
--gzip-level
--auth-type
--otp
CLI Usage
Publishing Options
Registry Configuration
Custom Registry
SSL Certificates
Publishing Options
Dependency Management
Script Control
File Management
Performance
Output Control
Feedback