Reputation: 64236
I have just created a new package on NPM (which was surprisingly easy) and I am interested in how the integrity of packages is maintained. Can anybody publish a new version of a package, or is this restricted to just my user account?
If anyone can publish changes to a package, how can their modifications be monitored to ensure that the project will still work?
Upvotes: 0
Views: 388
Reputation: 3101
You can manage multiple owners for an NPM package:
npm owner add username packagename
npm owner rm username packagename
npm owner ls packagename
Ideally the project should be managed by the group in a code repository like GitHub; then any user can update the package from the repo. So long as the version numbers are incremented accordingly, it should be easy to follow. NPM should disallow updates for the same version number.
Upvotes: 3
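As an added example (not part of the answer above), the output of `npm owner ls packagename` can be compared against the list of accounts you expect to have publish rights, so an unexpected owner is noticed. It assumes the listing is one `username <email>` per line; the function name, usernames and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag package owners that are not on an expected allowlist.
# Assumed input format: one "username <email>" per line, as printed by
# `npm owner ls packagename`.

# Usage: npm owner ls packagename | unexpected_owners alice bob
# Prints every owner name that is not among the arguments.
# Returns 0 when all owners are expected, 1 when at least one is not.
unexpected_owners() {
    found=0
    # The "|| [ -n ... ]" part handles a final line without a newline.
    while read -r name _rest || [ -n "$name" ]; do
        if [ -z "$name" ]; then
            continue            # skip blank lines
        fi
        ok=0
        for allowed in "$@"; do
            if [ "$name" = "$allowed" ]; then
                ok=1
                break
            fi
        done
        if [ "$ok" -eq 0 ]; then
            printf '%s\n' "$name"
            found=1
        fi
        name=""
    done
    return "$found"
}

# Constructed sample listing (not real accounts) for trying the check offline.
sample_owner_listing() {
    printf '%s\n' \
        'alice <alice@example.com>' \
        'bob <bob@example.com>' \
        'mallory <mallory@example.com>'
}
```

Run on a schedule or in CI, a non-zero exit status means the owner list has changed and should be reviewed.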
Reputation: 34680
Since each package has an author, I am pretty sure only the author can update the packages he owns. You can find the structure of packages over here: http://isaacs.iriscouch.com/_utils/database.html?registry
Upvotes: 1