Brought to you by Varlock 🧙♂️🔐 check it out to secure your secrets
A modern package versioning, release, and changelog generation tool. Built for monorepos, but works great in simple projects too.
Bumpy uses bump files (you may know them as "changesets" if coming from that tool 🦋) - small markdown files that declare an intent to release packages with a bump level (patch/minor/major), and a description that ends up in changelogs. Developers create these files as part of their PRs, and these files are then used to consolidate changes, generate changelogs, and trigger publishing.
bumpy add or manually)All of this is automated via two simple GitHub Actions workflows (see actions guide). Or can be triggered locally.
.bumpy/add-user-language.md:
---
'@myorg/core': minor
'@myorg/utils': patch
---
Added user lang prefs to core config.
Fixed locale fallback logic in utils.
workspace: and catalog: supportprivatePackages settingbumpy add works fully non-interactively for CI/CD and AI-assisted development@next / @beta release lines where prerelease versions are derived at publish time, never committed to git (see prerelease channels docs)bumpy generate creates bump files from branch commits - works with any commit style, with enhanced detection for conventional commits"default" and "github" formatters, or write your own# Install
bun add -d @varlock/bumpy # or npm/pnpm/yarn
# Initialize (creates .bumpy/ directory and config, migrates from changesets if applicable)
bunx bumpy init
# Interactive guidance setting up CI
bunx bumpy ci setup
# Create a bump file
bunx bumpy add
# Preview the release plan
bunx bumpy status
Then set up CI to automate versioning and publishing (see below).
No GitHub App to install, no separate action to rely on — just call bumpy ci directly in your workflows. Three commands across two workflows handle the entire release lifecycle:
bumpy ci check — on every PR, posts/updates a comment showing the release plan and warns if changed packages are missing bump files.bumpy ci plan — on push to main, detects what should happen next (version-pr, publish, or nothing) without needing write permissions or publish credentials. Used to gate downstream jobs in split-job workflows.bumpy ci release — opens/updates the "Version Packages" PR, or publishes new versions and creates git tags + GitHub releases when that PR is merged.Run bumpy ci setup for interactive guidance, and see the GitHub Actions setup guide for ready-to-copy workflows, token setup, and trusted publishing.
If you prefer to version and publish locally instead of via CI:
bumpy version # consume bump files, update versions and changelogs
bumpy publish # pack and publish, create git tags, push tags, and create GitHub releases
Bumpy ships with an agent skill that teaches LLMs how to create bump files. It teaches the AI to examine git changes, identify affected packages, choose bump levels, and create bump files with bumpy add — and to keep existing bump files up to date as work continues on a branch, updating packages, bump levels, and summaries to reflect the final state of changes.
Pick whichever fits your setup:
skills (any agent — recommended) — works with Claude Code, Cursor, OpenCode, Codex, and others:bash
npx skills add dmno-dev/bumpy # update with: npx skills update
bash
gh skill install dmno-dev/bumpy add-change # update with: gh skill update add-change
bash
claude plugin install @varlock/bumpy
@varlock/bumpy is installed it lives at node_modules/@varlock/bumpy/skills/add-change/SKILL.md, version-pinned to your installed bumpy. Point any tool that consumes a SKILL.md path at it directly..bumpy/_config.json and per-package options@next / @beta release linesTools like semantic-release infer version bumps from commit messages (feat: → minor, fix: → patch). This works for simple projects but breaks down in monorepos - a single PR often touches multiple packages with different bump levels, squash merges lose per-commit metadata, and commit messages are a poor place to write user-facing changelog entries. Bump files are explicit, reviewable in the PR diff, and can describe changes in language meant for consumers rather than developers. If you prefer commit-based workflows, bumpy generate can bridge the gap by auto-creating bump files from your branch commits - it works with any commit style, not just conventional commits.
Bumpy is built as a successor to 🦋changesets. Changesets is mature and widely adopted, but has stagnated - hundreds of open issues around core design problems that are unlikely to be fixed without a rewrite. See differences from changesets for a detailed comparison with links to specific issues. The biggest pain points bumpy addresses:
npm publish even in pnpm/yarn workspaces, so workspace:^ and catalog: protocols are NOT resolved, resulting in broken published packages.npm publish. Bumpy supports per-package custom publish for VSCode extensions, Docker images, JSR, etc.bumpy ci check + bumpy ci release) that run directly in your workflows - no extra repos to trust, no app installation requiring org admin approval.bumpy init detects .changeset/, renames it to .bumpy/, migrates config, keeps pending files, and offers to uninstall @changesets/cli.bun install # install deps
bun run test # run tests
bun run build # build CLI
bunx bumpy --help # invoke built cli
Bumpy is a creation of the team behind Varlock 🧙♂️
Check it out for secure secret sorcery - get your keys out of plaintext!
$ claude mcp add bumpy \
-- python -m otcore.mcp_server <graph>