Add notice about the use of NPM tags in README.md

[Amxx]

Fixes #6038 and #6047

[changeset-bot]

⚠️ No Changeset found

Latest commit: bcb6113

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

This pull request updates the README.md documentation to clarify NPM release tag semantics. A new "Release tags" section is added that explains the distinction between latest, dev, and next tags with a descriptive table. The documentation also extends Hardhat installation guidance with specific npm install commands for obtaining both the latest audited release and the latest unaudited development release. These are purely documentation additions with no modifications to code, logic, or public API declarations.

Possibly related PRs

• Use the "dev" tag for new releases #5877: Implements the actual npm tagging scheme (marking releases as "dev" vs "latest") that this PR's documentation describes and explains to users.

Suggested labels

release-cycle

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Linked Issues check	⚠️ Warning	The PR updates README documentation to clarify NPM tag semantics, which provides guidance but does not directly fix the underlying npm tagging issue (#6038).	Documentation alone does not resolve the npm tag mismatch. Coordinate with release processes or npm configuration to ensure v5.5.0 receives the 'latest' tag instead of 'dev'.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately describes the main change: adding NPM tag usage documentation to the README.
Description check	✅ Passed	The description references the linked issues (#6038 and #6047), providing clear context for the documentation updates.
Out of Scope Changes check	✅ Passed	All changes are limited to README.md documentation updates regarding NPM tags, remaining within the stated objectives.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

README.md (1)

37-45: Address markdown lint warnings in Hardhat installation section.

The markdown linter flags style issues in the fenced code blocks:

1. Line 37, 42: Code blocks should specify a language (MD040). These should use ```bash or ```shell for proper syntax highlighting.
2. Line 38, 43: Dollar signs used before commands without output (MD014). While this pattern works in documentation, the linter recommends removing the $ prefix or showing command output.

Apply this diff to fix the markdown style issues:

- ```
+ ```bash
  $ npm install @openzeppelin/contracts
- ```
+ ```
  → Installs the latest audited release (`latest`).

- ```
+ ```bash
  $ npm install @openzeppelin/contracts@dev
- ```
+ ```

Alternatively, remove the $ prefix entirely if no output is being shown:

- ```bash
- $ npm install @openzeppelin/contracts
+ ```bash
+ npm install @openzeppelin/contracts
- ```
+ ```
  → Installs the latest audited release (`latest`).

- ```bash
- $ npm install @openzeppelin/contracts@dev
+ ```bash
+ npm install @openzeppelin/contracts@dev
- ```
+ ```

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 04e683b and 91a0a0d.

📒 Files selected for processing (1)

• README.md (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-09-04T09:13:21.278Z

Learnt from: Amxx
Repo: OpenZeppelin/openzeppelin-contracts PR: 5904
File: contracts/crosschain/ERC7786Recipient.sol:3-3
Timestamp: 2025-09-04T09:13:21.278Z
Learning: In OpenZeppelin contracts, hardhat.config.js uses a sophisticated yargs-based configuration where the Solidity compiler version is set via argv.compiler (line 77) with a default of '0.8.27' defined in the yargs options (line 21), allowing flexible command-line overrides while maintaining a consistent default.

Applied to files:

• README.md

🪛 markdownlint-cli2 (0.18.1)

README.md

37-37: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

38-38: Dollar signs used before commands without showing output

(MD014, commands-show-output)

---

42-42: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

43-43: Dollar signs used before commands without showing output

(MD014, commands-show-output)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: Redirect rules - solidity-contracts
• GitHub Check: Header rules - solidity-contracts
• GitHub Check: Pages changed - solidity-contracts
• GitHub Check: slither
• GitHub Check: coverage
• GitHub Check: tests
• GitHub Check: tests-foundry
• GitHub Check: halmos

🔇 Additional comments (1)

README.md (1)

23-31: Well-structured documentation clarifying NPM tag semantics.

The new "Release tags" section effectively explains the purpose of each NPM tag and helps users understand the distinction between audited (latest), finalized-but-unaudited (dev), and pre-release (next) versions. This directly addresses the issue where the v5.5.0 release was incorrectly tagged, and now provides clear guidance to users on which version to install based on their needs.