Problem
Every npm publish run emits the following warning:
npm warn publish npm auto-corrected some errors in your package.json when publishing.
npm warn publish errors corrected:
npm warn publish "bin[openqa]" script name src/cli/bin.js was invalid and removed
The warning says npm removed the bin entry from the published package. If this is actually happening (not just a cosmetic warning), then npx openqa init would silently fail for users who install the package — the CLI command wouldn't be registered.
Current package.json bin config
"bin": {
"openqa": "./src/cli/bin.js"
}src/cli/bin.js has the correct shebang (#!/usr/bin/env node) and is marked executable (-rwxr-xr-x).
What to investigate
-
Verify the CLI works post-install: Run npm install openqa@0.0.7 in a fresh temp directory and confirm npx openqa (or ./node_modules/.bin/openqa) is available and runnable.
-
Check if the bin entry is in the published tarball: Run npm pack --dry-run and then tar -tzf openqa-0.0.7.tgz to see if package.json inside the tarball contains the bin field.
-
Run npm pkg fix: npm specifically recommends this. Run it and see what it changes — it may reveal the exact validation failure.
-
Check npm's bin validation rules: npm validates that bin script values are relative paths within the package and that the key (command name) is a valid executable name. The key "openqa" is valid; the value "./src/cli/bin.js" should also be valid. But npm might be rejecting it for a non-obvious reason (e.g. .js extension handling on Windows, or a validation change in a recent npm version).
References
Priority
Medium — the warning has been present since at least v0.0.6. The CLI likely still works (npm may apply the fix silently before publishing while keeping the bin in the tarball), but this needs to be confirmed and the root cause understood.
Problem
Every
npm publishrun emits the following warning:The warning says npm removed the
binentry from the published package. If this is actually happening (not just a cosmetic warning), thennpx openqa initwould silently fail for users who install the package — the CLI command wouldn't be registered.Current
package.jsonbin configsrc/cli/bin.jshas the correct shebang (#!/usr/bin/env node) and is marked executable (-rwxr-xr-x).What to investigate
Verify the CLI works post-install: Run
npm install openqa@0.0.7in a fresh temp directory and confirmnpx openqa(or./node_modules/.bin/openqa) is available and runnable.Check if the bin entry is in the published tarball: Run
npm pack --dry-runand thentar -tzf openqa-0.0.7.tgzto see ifpackage.jsoninside the tarball contains thebinfield.Run
npm pkg fix: npm specifically recommends this. Run it and see what it changes — it may reveal the exact validation failure.Check npm's bin validation rules: npm validates that bin script values are relative paths within the package and that the key (command name) is a valid executable name. The key
"openqa"is valid; the value"./src/cli/bin.js"should also be valid. But npm might be rejecting it for a non-obvious reason (e.g..jsextension handling on Windows, or a validation change in a recent npm version).References
binfield: https://docs.npmjs.com/cli/v10/configuring-npm/package-json#binnpm pkg fixdocs: https://docs.npmjs.com/cli/v10/commands/npm-pkgPriority
Medium — the warning has been present since at least v0.0.6. The CLI likely still works (npm may apply the fix silently before publishing while keeping the bin in the tarball), but this needs to be confirmed and the root cause understood.