Working with Private npm Packages: Setup, Publishing, and Access Control
If you need to use private packages, your nom version must be greater than 2.7.0. and you also have to be a paid npm user.
Npm private packages, enable you to use the npm registry to host your own private code and the npm command line to manage it. This will make it easy for you to use public packages such as Browserify and Express side-by-side with your private code.
First steps (Before we start)
The first thing to do is to log in to npm again once you have upgraded to the most recent version.
npm install -g npm
npm login
Setting up your package
Every private package is scoped. If you have a package whose name begins with @, then that package is a scoped package. The scope consists of everything that is between the @ and the slash.
@scope/project-name
As an individual user, when you sign up for private modules, your scope will be your username. In the case where you created an npm Org, the orgname could be the scope. Orgs can either be free or paid. The only free way to use scopes in package names is to use public Org.
@username/project-name
@orgname/project-name
If you used npm init to initialize your packages, you use the command below to pass in your scope:
npm init --scope=<your_scope>
In the case where you are using the same scope most of the time, you probably will want to set the command above in your default configuration like this:
npm config set scope <your_scope>
Publishing your package
It is easy to publish your package; all you need to do is to run the command below:
npm publish
Scoped packages are published as private by default. Once you have published it, you should be able to see it on the website with a private flag.
Sharing access from the web
If you want to grant access to someone, they have to be subscribed to private packages as well. Immediately they are, you can then grant them read-write access. Or you could set up an npm Org that will give them access through Orgs and teams.
If you want to give someone access without using an org, you should navigate to the package page. You can find it here:https://www.npmjs.com/package/your-package-name
If you need to control access to the package, you should click the + button under collaborators.
And then add the appropriate username, and then click submit.
Sharing access from the CLI
You can equally add collaborators on the command line:
npm owner add <user> <package name>
Installing private packages
If you want to install a private package, you need to have access to the package. Then you can make use of install with the scoped package name.
npm install @scope/project-name
You can equally use the scoped package name when you are requiring it:
var project = require('@scope/project-name')
Switching from private to public
By default, all scoped packages are private. This ensures that you do not make something public by accident. This can be changed on the access page.
You can manage package access via the command line as well:
npm access restricted <package_name>
The package will be removed from listings on the site within a few minutes of making it private.
Previous:
More on audit reports and requiring two-factor authentication for package publishing and settings modification
Next:
Downloading Packages to CI/Deployment Servers: Setup and Authentication.
It will be nice if you may share this link in any developer community or anywhere else, from where other developers may find this content. Thanks.
https://w3resource.com/npm/working-with-private-packages.php
- Weekly Trends and Language Statistics
- Weekly Trends and Language Statistics