1NPM-ACCESS(1) NPM-ACCESS(1)
2
6 npm-access - Set access level on published packages
7 Synopsis
9 npm access public [<package>]
10 npm access restricted [<package>]
11 npm access grant <read-only|read-write> <scope:team> [<package>]
13 npm access revoke <scope:team> [<package>]
14 npm access 2fa-required [<package>]
16 npm access 2fa-not-required [<package>]
17 npm access ls-packages [<user>|<scope>|<scope:team>]
19 npm access ls-collaborators [<package> [<user>]]
20 npm access edit [<package>]
21 Description
23 Used to set access controls on private packages.
24 For all of the subcommands, npm access will perform actions on the
26 packages in the current working directory if no package name is passed
27 to the subcommand.
28 • public / restricted: Set a package to be either publicly accessible
30 or restricted.
31 • grant / revoke: Add or remove the ability of users and teams to have
33 read-only or read-write access to a package.
34 • 2fa-required / 2fa-not-required: Configure whether a package requires
36 that anyone publishing it have two-factor authentication enabled on
37 their account.
38 • ls-packages: Show all of the packages a user or a team is able to ac‐
40 cess, along with the access level, except for read-only public pack‐
41 ages (it won't print the whole registry listing)
42 • ls-collaborators: Show all of the access privileges for a package.
44 Will only show permissions for packages to which you have at least
45 read access. If <user> is passed in, the list is filtered only to
46 teams that user happens to belong to.
47 • edit: Set the access privileges for a package at once using $EDITOR.
49 Details
52 npm access always operates directly on the current registry, config‐
53 urable from the command line using --registry=<registry url>.
54 Unscoped packages are always public.
56 Scoped packages default to restricted, but you can either publish them
58 as public using npm publish --access=public, or set their access as
59 public using npm access public after the initial publish.
60 You must have privileges to set the access of a package:
62 • You are an owner of an unscoped or scoped package.
64 • You are a member of the team that owns a scope.
66 • You have been given read-write privileges for a package, either as a
68 member of a team or directly as an owner.
69 If you have two-factor authentication enabled then you'll be prompted
72 to provide an otp token, or may use the --otp=... option to specify it
73 on the command line.
74 If your account is not paid, then attempts to publish scoped packages
76 will fail with an HTTP 402 status code (logically enough), unless you
77 use --access=public.
78 Management of teams and team memberships is done with the npm team com‐
80 mand.
81 Configuration
83 <!-- AUTOGENERATED CONFIG DESCRIPTIONS START --> <!-- automatically
84 generated, do not edit manually --> <!-- see lib/utils/config/defini‐
85 tions.js -->
86 registry
88 • Default: "https://registry.npmjs.org/"
89 • Type: URL
91 The base URL of the npm registry. <!-- automatically generated, do not
94 edit manually --> <!-- see lib/utils/config/definitions.js -->
95 otp
98 • Default: null
99 • Type: null or String
101 This is a one-time password from a two-factor authenticator. It's
104 needed when publishing or changing package permissions with npm access.
105 If not set, and a registry response fails with a challenge for a
107 one-time password, npm will prompt on the command line for one. <!--
108 automatically generated, do not edit manually --> <!-- see
109 lib/utils/config/definitions.js -->
110 <!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
112 See Also
115 • libnpmaccess https://npm.im/libnpmaccess
116 • npm help team
118 • npm help publish
120 • npm help config
122 • npm help registry
124 January 2022 NPM-ACCESS(1)