11# Distribution
22
33` putio-design ` ships two public surfaces: the static design guide at
4- ` design.put.io ` and optional package artifacts from ` @putdotio/design ` .
4+ ` design.put.io ` and package artifacts from ` @putdotio/design ` .
55
66## Static Site
77
@@ -16,9 +16,8 @@ The deploy workflow must run `pnpm verify` before publishing the site.
1616
1717## Package Artifacts
1818
19- The package stays private until an explicit publishing decision is made. Its
20- exports are prepared so a future public npm release can expose the same generic
21- surfaces without redesigning the repo:
19+ ` @putdotio/design ` is a public scoped npm package. It exposes generic token
20+ artifacts and the design contract only:
2221
2322- ` @putdotio/design/css `
2423- ` @putdotio/design/tokens `
@@ -31,6 +30,19 @@ Do not publish platform-native outputs from this repo in v1. Web, iOS, Android,
3130Roku, and TV repos should consume the generic token artifacts and own their
3231platform adapters.
3332
33+ Package publishing uses the manual ` Publish Package ` GitHub Actions workflow.
34+ The workflow runs ` pnpm verify:full ` , publishes with npm provenance, and expects
35+ npm Trusted Publishing to be configured for the ` release ` GitHub Environment.
36+ Use the ` next ` dist-tag for pre-release or adoption-test packages, and ` latest `
37+ only for a release that should become the default npm install target.
38+
39+ Before the first publish, an npm maintainer must trust this workflow for the
40+ package:
41+
42+ ``` bash
43+ npx -y npm@^11.10.0 trust github @putdotio/design --repo putdotio/putio-design --file publish-package.yml --env release --allow-publish --yes
44+ ```
45+
3446## Generated Files
3547
3648Token sources live in ` tokens/**/*.tokens.json ` . Generated files are checked in
0 commit comments