Secure-publish NPM

Motivation

TL;DR

To prevent your private packages available publicly on npmjs or yarnpkg.

If you are using npm publish for your private packages e.g. for publishing them to a local npm registry or to your own private npm registry - at some point you may end up with your package being available publicly on npm or yarn registry if something will go wrong.

This tool is just another safety catch for such situations, not allowing one to simply pass through without all the needed setup.

Installation

$ npm i -D secure-publish

Add pre-publish script in package.json:

{
  ...,
  "scripts": {
    "prepublishOnly": "secure-publish"
  },
  ...
}

Set a private registry in .npmrc:

registry=https://private.registry.com

Scoped packages

Just add the scope in your package.json and you're done:

{
  "name": "@private-scope/private-package",
  ...
}

It is also recommended providing custom registry for scope in your .npmrc like this:

@private-scope:registry=https://private-scope.registry.com

Usage

$ npm publish

:dizzy:

private package disallow publish safe publish private package publishing verdaccio custom npm registry npm publish yarn publish publish

chalk

@infinitebrahmanuniverse/nolb-sec @everything-registry/sub-chunk-2726

2 years ago

2 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago

4 years ago