ReshetComponents is a standalone React component library extracted from the Daba frontend baseComponents.
The npm package name is reshet-components because npm package names must be lowercase.
npm install reshet-componentsImport components directly from the package:
import { Button, DatePicker, Tooltip } from 'reshet-components';The package entry loads its stylesheet automatically. reshet-components/styles.css is still exported if you want a direct style import for a custom setup.
reactandreact-domare peer dependencies.- The package ships a default light/dark token set in
styles.css. - Some components depend on
@base-ui/react,react-day-picker,react-hot-toast,lucide-react,clsx,remeda, anddate-fns, which are installed as package dependencies.
This repository is configured for two npm release channels:
latest: published from Git tags likev0.1.0canary: published automatically on every push tomain
npm does not allow publishing the same package version twice, so each canary publish gets a unique pre-release version automatically.
- Create the package once on npm with an account that owns
reshet-components. - Keep
package.jsonrepository.urlaligned with the publishing repository. For this repo it must matchhttps://github.com/ShpakovNetanel/ReshetComponents, or npm provenance validation will reject the publish. - Choose one CI auth path:
- Recommended: configure npm trusted publishing for this repository and workflow filenames.
- Token fallback: add a GitHub secret named
NPM_TOKENthat contains a granular npm access token with write access toreshet-componentsandBypass two-factor authenticationenabled.
- If your default branch is not
main, update publish-canary.yml.
If 0.1.0 has never been published before:
npm publishprepack will build the package before publishing.
Bump the version locally, create the matching git tag, and push it:
npm version patch
git push --follow-tagsThe publish-release workflow will publish that exact version to npm under the latest tag.
If you keep using NPM_TOKEN, make sure the package's npm publishing access is not set to Require two-factor authentication and disallow tokens, because that setting blocks token-based CI publishes entirely.
Every push to main triggers the publish-canary workflow. It publishes a version shaped like:
0.1.0-canary.20260419153045.sha1a2b3c4
Consumers can install the moving canary channel with:
npm install reshet-components@canaryThe GitHub Actions workflows in this repo already include id-token: write and run on a Node version that supports npm trusted publishing, so once trusted publishing is configured on npm they can publish without a long-lived write token.