Tomas Brambora

Reputation: 1046

Preventing npm private org from publishing public packages

Is there any way to prevent publishing public packages under an npm org?

It seems like this would be a relatively common use-case (making sure no one in an org can unintentionally publish a package that's supposed to be private because they run publish --access public). But I can't find a way to enforce that.

Upvotes: 2

Views: 567

Answers (2)

xwhy

Reputation: 1

There is a way actually with https://www.npmjs.com/package/secure-publish

$ npm add -D secure-publish

Then you should add prepublishOnly script to your package.json:

...
"scripts" : {
  "prepublishOnly": "secure-publish"
}

https://github.com/cxsper/secure-publish

Upvotes: 0
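
A prepublishOnly guard of the kind the answer above wires in, written out as an added example; it is not secure-publish's code and not part of the original answers. The file name publish-guard.cjs, the scope @acme and the function name are hypothetical, and it assumes npm passes --access to lifecycle scripts as the npm_config_access environment variable.

```javascript
// publish-guard.cjs (hypothetical file name). Wire it into package.json as:
//   "prepublishOnly": "node publish-guard.cjs"
// ALLOWED_SCOPE is a placeholder for your org's scope.
const ALLOWED_SCOPE = '@acme';

// Returns a list of policy violations; an empty list means publishing may proceed.
// pkg: parsed package.json, env: environment of the lifecycle script.
function publishViolations(pkg, env) {
  const problems = [];
  const name = String(pkg.name || '');
  if (!name.startsWith(ALLOWED_SCOPE + '/')) {
    // On the public registry an unscoped package cannot be restricted.
    problems.push(`"${name}" is not under ${ALLOWED_SCOPE}; unscoped packages are always public`);
  }
  const publishConfig = pkg.publishConfig || {};
  // Assumption: npm exports `--access <value>` to scripts as npm_config_access.
  const sources = {
    '--access flag': env.npm_config_access,
    'publishConfig.access': publishConfig.access,
  };
  for (const [where, value] of Object.entries(sources)) {
    if (String(value || '').toLowerCase() === 'public') {
      problems.push(`${where} is "public"`);
    }
  }
  return problems;
}

// Only act when npm runs this file as the prepublishOnly lifecycle script.
if (process.env.npm_lifecycle_event === 'prepublishOnly') {
  const fs = require('fs');
  // Lifecycle scripts run with the package root as the working directory.
  const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
  const problems = publishViolations(pkg, process.env);
  if (problems.length > 0) {
    problems.forEach((p) => console.error('publish blocked: ' + p));
    process.exit(1); // a non-zero exit aborts npm publish
  }
}
```

This is a client-side check: it does not run when lifecycle scripts are disabled (for example with --ignore-scripts), so it catches accidents rather than enforcing policy at the registry.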

Ouroborus

Reputation: 16875

That capability appears to only be available in npm Enterprise.

As described here:

Note: The unscoped namespace on npm Enterprise is reserved for unscoped packages in the public npm registry. To prevent npm Enterprise users from accidentally publishing proprietary code to the public npm registry, where it would be visible to anyone on the internet, we do not allow publishing unscoped packages to npm Enterprise.

Upvotes: 1
