Nous utilisons des cookies pour faire fonctionner CarphaCom, mémoriser vos préférences et mesurer les performances. Vous pouvez tout accepter, refuser les cookies non essentiels ou personnaliser votre choix.
Bientôt disponibleDéploiement en 1 clic sur Vultr MarketplaceM'avertir
CarphaCom
FR
Sign inStart free

Publishing to the Marketplace

1. Create a developer account

  1. Sign up at carphacom.com/developer/register.
  2. Verify your email.
  3. Connect a Stripe Express account if you'll sell paid items (free items skip this step).
  4. Read and accept the publisher agreement.

2. Generate a signing key

npx carphacom-cli keygen --out ~/.carphacom/dev-key.ed25519

Upload the public half to your developer profile. Keep the private half safe — it signs every release. If lost, you can rotate via the developer portal but old releases remain verified by the previous public key.

3. Submit a new item

In the developer portal, click Submit item:

  1. Upload the signed ZIP (my-plugin-1.0.0.zip + .sig).
  2. Fill in the listing: title, description (Markdown), keywords, screenshots, supported languages, category, pricing.
  3. Click Submit for review.

4. Review workflow

Submissions land in a queue. Review covers:

  • Manifest validation — schema, semver, ID uniqueness.
  • Signature verification.
  • Static security scan — dependency vulnerabilities, dangerous patterns (eval, child_process without sandbox).
  • Functional smoke test — installer + uninstaller run on a sandbox CarphaCom instance.
  • Listing review — descriptions accurate, screenshots real, no broken links.

Most reviews complete within 2 business days. You'll receive email + dashboard notifications.

States: submitted → in_review → (approved | rejected | changes_requested) → published.

5. Versioning

Use strict semver:

  • Patch (1.0.0 → 1.0.1): bug fixes, no schema or API changes. Auto-update is enabled by default.
  • Minor (1.0.0 → 1.1.0): new features, backwards compatible. Auto-update enabled.
  • Major (1.0.0 → 2.0.0): breaking changes. Auto-update disabled by default — merchants must approve.

Bump version in manifest.json and package.json together. Submit each version as a new release through Developer Portal → My Items → [item] → New version.

6. Earnings

Free items: zero fee, zero payout.

Paid items: 90% to you, 10% platform fee. Payouts run weekly via Stripe to the connected account. Track in Developer Portal → Earnings with breakdown by item, date, and country.

7. Support obligations

Listed items must:

  • Respond to merchant tickets within 48 hours.
  • Patch critical security issues within 7 days of report.
  • Maintain an issue tracker (GitHub URL in listing).

Items that consistently fail support SLAs are unlisted.