Skip to content

artelydev/secure-publish

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

errors.js

errors.js

 
 

guardian.js

guardian.js

 
 

index.js

index.js

 
 

package.json

package.json

 
 

renovate.json

renovate.json

 
 

yarn.lock

yarn.lock

 
 

Repository files navigation

⛔ secure-publish 🚫

Total downloads on npm.

Private packages publishing made easy

NPM Badge

Motivation

TL;DR

To prevent your private packages available publicly on npmjs or yarnpkg.

If you are using npm publish for your private packages e.g. for publishing them to a local npm registry or to your own private npm registry - at some point you may end up with your package being available publicly on npm or yarn registry if something will go wrong.

This tool is just another safety catch for such situations, not allowing one to simply pass through without all the needed setup.

Installation

$ npm i -D secure-publish

Add pre-publish script in package.json:

{
  ...,
  "scripts": {
    "prepublishOnly": "secure-publish"
  },
  ...
}

Set a private registry in .npmrc:

registry=https://private.registry.com

Scoped packages

Just add the scope in your package.json and you're done:

{
  "name": "@private-scope/private-package",
  ...
}

It is also recommended providing custom registry for scope in your .npmrc like this:

@private-scope:registry=https://private-scope.registry.com

Usage

$ npm publish

💫

About

Secure publish of private packages

www.npmjs.com/package/secure-publish

Topics

npm security registry package private private-registry private-package

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 10

v0.4.5 Latest
Oct 20, 2022
+ 9 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages