How do I publish private modules using the new npm feature?

Question

After entering billing info and re-login my npm client I tried publishing a new private module.

I set "private": "true" on package.json and gave a name using the scope thing like @myusername/mymodule. Then I got an error message on npm publish saying that I have to remove "private": "true" to publish my module! What am I doing wrong?

Should I remove the private atribute and trust that the simple fact that I gave it a scoped name will make it private by default?

INFO: npm v2.7.6

Answer 1

You should set private to false, and if the package is scoped and u don't want it to be downloaded by public, then add a publishConfig in your package.json:

"publishConfig": {
    "access": "restricted"
  },

That will restrict the package from being publicly viewable and installable. But the package should be scoped Or u can use the command

yarn publish --access=restricted

Answer 2

Should I remove the private atribute and trust that the simple fact that I gave it a scoped name will make it private by default?

It looks like you should be safe doing that according to this page!

Specifically:

All scoped packages default to restricted access. This ensures that you don't make something public by accident. You can change this on the access page.

Answer 3

"private": true is completely different from private packages. From docs.npmjs.com:

If you set "private": true in your package.json, then npm will refuse to publish it. This is a way to prevent accidental publication…

I don’t think that’s what you’re looking for.

Starting in npm@2.7.0, if you are a paid user, you can publish private packages to the npm registry.

1. Sign up for a paid account.
2. Create and initialize a package with a scoped name, e.g. "name": "@username/module-name".
3. Publish your package. By default, npm assumes scoped packages are intended to be private—this is what you want. However, if you want your scoped package to be public, you can publish with the --access=public option.