Unable to release frontend package on npm

[cekk]

Describe the bug

I’m trying to publish a monorepo project using this script, but I can’t publish the package to npm because it is being published twice.

To Reproduce

Steps to reproduce the behavior:

1. set publish = true in repository.toml for [frontend.package]
2. run uvx repoplone release patch

I have this error:

ERROR npm notice
npm notice 📦 volto-searchblocks@0.1.17
npm notice Tarball Contents
npm notice 25B .changelog.draft
npm notice 1.1kB .release-it.json
npm notice 620B CHANGELOG.md
npm notice 4.5kB README.md
npm notice 322B babel.config.js
npm notice 1.8kB locales/de/LC_MESSAGES/volto.po
npm notice 1.8kB locales/en/LC_MESSAGES/volto.po
npm notice 2.2kB locales/es/LC_MESSAGES/volto.po
npm notice 2.2kB locales/it/LC_MESSAGES/volto.po
npm notice 2.1kB locales/pt_BR/LC_MESSAGES/volto.po
npm notice 2.0kB locales/volto.pot
npm notice 0B news/.gitkeep
npm notice 1.2kB package.json
npm notice 0B public/.gitkeep
npm notice 544B src/actions/searchBlocks.js
npm notice 0B src/components/.gitkeep
npm notice 9.2kB src/components/SearchBlocks/SearchBlocks.jsx
npm notice 675B src/config/settings.ts
npm notice 164B src/constants/ActionTypes.js
npm notice 681B src/index.ts
npm notice 1.1kB src/reducers/searchBlocks.js
npm notice 798B towncrier.toml
npm notice 742B tsconfig.json
npm notice Tarball Details
npm notice name: volto-searchblocks
npm notice version: 0.1.17
npm notice filename: volto-searchblocks-0.1.17.tgz
npm notice package size: 8.2 kB
npm notice unpacked size: 33.7 kB
npm notice shasum: ed4b5fec6662707b0e9919e7e72df63d2d1711b6
npm notice integrity: sha512-jOFXKo/F3ms5G[...]coS+z/5+dY6gA==
npm notice total files: 23
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm error code E403
npm error 403 403 Forbidden - PUT https://registry.npmjs.org/volto-searchblocks - You cannot publish over the previously published versions: 0.1.17.
npm error 403 In most cases, you or one of your dependencies are requesting
npm error 403 a package version that is forbidden by your security policy, or
npm error 403 on a server you do not have access to.
npm error A complete log of this run can be found in: /Users/cekk/.npm/_logs/2026-02-05T21_39_17_054Z-debug-0.log

This happens because the script ends up running:

npx release-it --ci --no-git --no-github.release --plonePrePublish.publish -i 0.1.17

My suspicion is that release-it together with the --plonePrePublish.publish flag causes the package to be published twice.

I tried setting publish = false in repository.toml, but in that case release-it is not executed at all.

[ericof]

@cekk It seems you already had that version there, isn't it?

[cekk]

Nope..until that command there is no new version.

When it is called, it seems that something tries to release new version twice.

[ericof]

Interesting. I need to debug this

[cekk]

I confirm that commenting this line i can release package without errors on npm.

[ericof]

@cekk Very strange why this is happening to you.
Could you, please point me to the repository you are using it?
We added the plonePrePublish script to be able to control when a package is pushed to NPM, and unless I'm mistaken, this should be working fine.

[cekk]

Sure: https://github.com/collective/collective-searchblocks

I'm testing the whole publishing process so there are a lot of tags/releases.
We've also modified a bit this package to allow to install it with zc.buildout (but it doesn't care for npm publishing)

[ericof]

@cekk Checking your configuration with one add-on created few weeks ago I've found:

Yours:

  "npm": {
    "publish": true
  },
  "plonePrePublish": {
    "publish": false
  },

contact-block:

  "npm": {
    "publish": false
  },
  "plonePrePublish": {
    "publish": false
  },

Please, set the "npm.publish" to false and tell me the results

[ericof]

@cekk Did it work?