Table of contents

Creating and publishing private packages

Table of contents

To share your code with a limited set of users or teams, you can publish private user-scoped or organization-scoped packages to the npm registry.

For more information on scopes and private packages, see "About scopes"and"About private packages".

Note:Before you can publish private user-scoped npm packages, you mustsign upfor a paid npm user account.

Additionally, to publish private organization-scoped packages, you mustcreate an npm user account,thencreate a paid npm organization.

Creating a private package

  1. If you are using npmrc tomanage accounts on multiple registries,on the command line, switch to the appropriate profile:

    npmrc <profile-name>

  2. On the command line, create a directory for your package:

    mkdir my-test-package

  3. Navigate to the root directory of your package:

    cd my-test-package

  4. If you are using git to manage your package code, in the package root directory, run the following commands, replacinggit-remote-urlwith the git remote URL for your package:

    gitinit
    gitremoteaddorigin git://git-remote-url

  5. In the package root directory, run thenpm initcommand and pass the scope to thescopeflag:

    • For an organization-scoped package, replacemy-orgwith the name of your organization:

      npm init --scope=@my-org

    • For a user-scoped package, replacemy-usernamewith your username:

      npm init --scope=@my-username

  6. Respond to the prompts to generate apackage.jsonfile. For help naming your package, see "Package name guidelines".

  7. Create aREADME filethat explains what your package code is and how to use it.

  8. In your preferred text editor, write the code for your package.

Reviewing package contents for sensitive or unnecessary information

Publishing sensitive information to the registry can harm your users, compromise your development infrastructure, be expensive to fix, and put you at risk of legal action.We strongly recommend removing sensitive information, such as private keys, passwords,personally identifiable information(PII), and credit card data before publishing your package to the registry.Even if your package is private, sensitive information can be exposed if the package is made public or downloaded to a computer that can be accessed by more users than intended.

For less sensitive information, such as testing data, use a.npmignoreor.gitignorefile to prevent publishing to the registry. For more information, seethis article.

Testing your package

To reduce the chances of publishing bugs, we recommend testing your package before publishing it to the npm registry. To test your package, runnpm installwith the full path to your package directory:

npm install my-package

Publishing private packages

By default, scoped packages are published with private visibility.

  1. On the command line, navigate to the root directory of your package.

    cd /path/to/package

  2. To publish your private package to the npm registry, run:

    npm publish

  3. To see your private package page, visithttps://npmjs /package/*package-name*, replacing *package-name* with the name of your package. Private packages will sayprivatebelow the package name on the npm website.

    Screenshot of a private npm Teams package

For more information on thepublishcommand, see theCLI documentation.

Edit this page on GitHub
3contributorslukekarryslukekarrysericmuttaericmuttaethomsonethomson
Last edited bylukekarrysonOctober 23, 2023