Publishing Packages

Package Name Format

LPM packages use the format @lpm.dev/owner.package-name:

{
  "name": "@lpm.dev/your-username.my-utils",
  "version": "1.0.0"
}

The owner is your username or organization name. The package name follows after a dot.

Context	Example
package.json	@lpm.dev/acme.design-system
Web URL	lpm.dev/acme.design-system
CLI install	lpm install @lpm.dev/acme.design-system

Publish

lpm publish

The CLI auto-detects your ecosystem from project files:

• JavaScript - reads package.json, packages the contents, verifies integrity with SHA-512, and uploads
• Swift - reads Package.swift via swift package dump-package, bundles source files, and uploads
• XCFramework - detects .xcframework bundles, parses Info.plist for platform slices, and uploads

New packages are private by default. Only you (or your org members) can install them.

Publishing a Swift Package

The CLI detects Swift projects when a Package.swift file is present:

cd my-swift-library
lpm publish

The CLI extracts your Swift manifest (targets, platforms, dependencies, tools version) and includes it with the published package.

Publishing an XCFramework

For pre-built binary frameworks, place your .xcframework bundle in the project:

cd my-xcframework-package
lpm publish

The CLI detects the .xcframework bundle, parses the Info.plist to extract platform slices and supported architectures, and includes this metadata with the published package.

Versioning

LPM uses semantic versioning. Each publish requires a new version:

# JavaScript
npm version patch   # 1.0.0 -> 1.0.1
lpm publish

# Swift — update the version in your Package.swift or package.json
lpm publish

See Versioning for details on version ranges and semver conventions.

Quality Score

Every publish runs automated quality checks and assigns a score out of 100. The number of checks varies by ecosystem:

• JavaScript - 28 checks (types, ESM exports, tree-shaking, etc.)
• Swift - 25 checks (platforms, tools version, test targets, etc.)
• XCFramework - 21 checks (valid plist, platform slices, architectures, etc.)

You can preview the score before publishing:

lpm publish --check

Or enforce a minimum threshold in CI:

lpm publish --min-score 80

See Quality Score for the full list of checks per ecosystem.

After Publishing

If your package includes Agent Skills (.lpm/skills/*.md files), they are extracted and validated during publish. Skills go through a security scan before becoming available. See Agent Skills for the file format and CLI commands.

Your package is live at lpm.dev/your-username.package-name. From there you can:

• Change the distribution mode to marketplace or pool
• Set up pricing plans for marketplace packages
• View download stats and manage versions

LPM also runs AI analysis on your source code in the background (for JavaScript and Swift packages). Within minutes, your package page shows an AI-generated summary, security scan results, error handling assessment, and compatibility metadata. See Quality Score for details.