This page documents the Insiders pre-release publishing workflow: how it is triggered, how the package version is configured, and how the package is built and pushed to npm under the insiders dist-tag. The insiders build is a pre-release channel aimed at early adopters and editor integrations that want access to the latest TypeScript features before a stable release.
next dist-tag), see page 14.hereby), see 12.1.The insiders workflow is defined in .github/workflows/insiders.yaml
| Property | Value |
|---|---|
| Workflow name | Publish Insiders |
| File | .github/workflows/insiders.yaml |
| npm dist-tag | insiders |
| Allowed repository | microsoft/TypeScript only |
.github/workflows/insiders.yaml1-7
The workflow has two triggers:
| Trigger | Description |
|---|---|
workflow_dispatch | Manual trigger from the GitHub Actions UI |
repository_dispatch (type: publish-insiders) | Programmatic trigger via GitHub API, used by the TypeScript bot |
There is no scheduled (cron) trigger. Unlike the nightly workflow (which runs on a cron schedule at 0 7 * * *), insiders builds are always explicitly requested — either by a human or by automation. See .github/workflows/nightly.yaml5-6 for the contrast.
The workflow consists of two sequential jobs: test and publish.
Workflow: Insiders Publishing Pipeline
Sources: .github/workflows/insiders.yaml17-65
test Job.github/workflows/insiders.yaml19-36
main or a release branch).lts/* version alias.package.json's packageManager field.npm ci to install dependencies.npx hereby configure-insiders to mutate the version string in the working copy.npm test. If tests fail, the publish job is blocked.publish Job.github/workflows/insiders.yaml38-65
The publish job declares needs: test, so it only runs after test succeeds. It re-runs configure-insiders independently (on a fresh checkout) rather than sharing state with test.
Steps:
registry-url: https://registry.npmjs.org/ so that the NODE_AUTH_TOKEN secret is wired into npm authentication automatically.npm whoami to verify credentials are active before proceeding.npm ci.npx hereby configure-insiders to set the insiders version string.npx hereby LKG to compile the Last Known Good compiler artifacts into the ./lib directory.node ./scripts/addPackageJsonGitHead.mjs package.json to embed the current git commit SHA into package.json (making builds traceable).npm publish --tag insiders, authenticated via the npm_token repository secret.Code Entity Map: Insiders Publishing
Sources: .github/workflows/insiders.yaml33-65
| Task / Script | Role |
|---|---|
npx hereby configure-insiders | Modifies package.json and source version constants to produce an insiders-tagged version string (e.g. 5.x.0-insiders.YYYYMMDD) |
npx hereby LKG | Compiles the compiler source and copies built artifacts into ./lib, creating the Last Known Good snapshot that gets packed into the npm tarball |
scripts/addPackageJsonGitHead.mjs | Injects the git commit SHA into package.json before publishing so the exact source state is recoverable from the published package |
npm publish --tag insiders | Publishes the package to the npm registry under the insiders dist-tag, leaving the latest tag unaffected |
The configure-insiders hereby task rewrites the version in package.json and in src/compiler/corePublic.ts before the build. The resulting version follows a pattern like:
5.8.0-insiders.20250115
This format:
5.8.0) reflecting the upcoming release.-insiders.YYYYMMDD as a pre-release identifier.npm install typescript never automatically pulls an insiders build.Because the dist-tag is insiders (not latest), consumers must explicitly opt in with npm install typescript@insiders.
| Property | Insiders (insiders.yaml) | Nightly (nightly.yaml) |
|---|---|---|
| Trigger | workflow_dispatch or repository_dispatch | Daily cron (0 7 * * *) + workflow_dispatch |
| Version task | hereby configure-insiders | hereby configure-nightly |
| npm dist-tag | insiders | next |
| Intended consumers | Editor integrations, early adopters, bot-triggered releases | Automated downstream testing, bleeding-edge users |
| Frequency | On-demand | Daily |
Sources: .github/workflows/insiders.yaml .github/workflows/nightly.yaml
.github/workflows/insiders.yaml8-9 .github/workflows/insiders.yaml64-65
permissions: contents: read — the minimum needed to check out the repository. No write permissions to the repository are requested.npm_token repository secret, passed as NODE_AUTH_TOKEN. The registry-url field on actions/setup-node causes the Node.js setup action to configure .npmrc automatically.if: github.repository == 'microsoft/TypeScript' guard on both jobs prevents the workflow from running on forks, protecting the npm token from being exposed in forked workflow runs.| Workflow | File | Purpose |
|---|---|---|
| Publish Nightly | .github/workflows/nightly.yaml | Scheduled daily pre-release to next tag |
| Create Releasable Package Drop | .github/workflows/release-branch-artifact.yaml | Builds a tarball artifact from release branches |
| New Release Branch | .github/workflows/new-release-branch.yaml | Creates a versioned release branch with LKG |
| Update LKG | .github/workflows/lkg.yml | Rebuilds and commits LKG on an existing release branch |
For the full release lifecycle, see 14 Release Management. For LKG mechanics, see 14.2.
Refresh this wiki
This wiki was recently refreshed. Please wait 4 days to refresh again.