⛔ secure-publish 🚫
Private packages publishing made easy
Motivation
TL;DR
To prevent your private packages available publicly on npmjs or yarnpkg.
If you are using npm publish for your private packages e.g. for publishing
them to a local npm registry or to your own private npm registry - at some point
you may end up with your package being available publicly on npm or yarn registry if
something will go wrong.
This tool is just another safety catch for such situations, not allowing one to simply pass through without all the needed setup.
Installation
$ npm i -D secure-publishAdd pre-publish script in package.json:
{
...,
"scripts": {
"prepublishOnly": "secure-publish"
},
...
}Set a private registry in .npmrc:
registry=https://private.registry.comScoped packages
Just add the scope in your package.json and you're done:
{
"name": "@private-scope/private-package",
...
}It is also recommended providing custom registry for scope in your .npmrc like this:
@private-scope:registry=https://private-scope.registry.comUsage
$ npm publish