1NPM-ACCESS(1) NPM-ACCESS(1)
2
6 npm-access - Set access level on published packages
7 Synopsis
9 npm access list packages [<user>|<scope>|<scope:team> [<package>]
10 npm access list collaborators [<package> [<user>]]
11 npm access get status [<package>]
12 npm access set status=public|private [<package>]
13 npm access set mfa=none|publish|automation [<package>]
14 npm access grant <read-only|read-write> <scope:team> [<package>]
15 npm access revoke <scope:team> [<package>]
16 Note: This command is unaware of workspaces.
18 Description
20 Used to set access controls on private packages.
21 For all of the subcommands, npm access will perform actions on the
23 packages in the current working directory if no package name is passed
24 to the subcommand.
25 • public / restricted (deprecated): Set a package to be either pub‐
27 licly accessible or restricted.
28 • grant / revoke (deprecated): Add or remove the ability of users and
30 teams to have read-only or read-write access to a package.
31 • 2fa-required / 2fa-not-required (deprecated): Configure whether a
33 package requires that anyone publishing it have two-factor authen‐
34 tication enabled on their account.
35 • ls-packages (deprecated): Show all of the packages a user or a team
37 is able to access, along with the access level, except for read-
38 only public packages (it won't print the whole registry listing)
39 • ls-collaborators (deprecated): Show all of the access privileges
41 for a package. Will only show permissions for packages to which you
42 have at least read access. If <user> is passed in, the list is fil‐
43 tered only to teams that user happens to belong to.
44 • edit (not implemented)
46 Details
49 npm access always operates directly on the current registry, config‐
50 urable from the command line using --registry=<registry url>.
51 Unscoped packages are always public.
53 Scoped packages default to restricted, but you can either publish them
55 as public using npm publish --access=public, or set their access as
56 public using npm access public after the initial publish.
57 You must have privileges to set the access of a package:
59 • You are an owner of an unscoped or scoped package.
61 • You are a member of the team that owns a scope.
63 • You have been given read-write privileges for a package, either as
65 a member of a team or directly as an owner.
66 If you have two-factor authentication enabled then you'll be prompted
69 to provide a second factor, or may use the --otp=... option to specify
70 it on the command line.
71 If your account is not paid, then attempts to publish scoped packages
73 will fail with an HTTP 402 status code (logically enough), unless you
74 use --access=public.
75 Management of teams and team memberships is done with the npm team com‐
77 mand.
78 Configuration
80 json
81 • Default: false
82 • Type: Boolean
84 Whether or not to output JSON data, rather than the normal output.
87 • In npm pkg set it enables parsing set values with JSON.parse() be‐
89 fore saving them to your package.json.
90 Not supported by all npm commands.
93 otp
95 • Default: null
96 • Type: null or String
98 This is a one-time password from a two-factor authenticator. It's
101 needed when publishing or changing package permissions with npm access.
102 If not set, and a registry response fails with a challenge for a one-
104 time password, npm will prompt on the command line for one.
105 registry
107 • Default: "https://registry.npmjs.org/"
108 • Type: URL
110 The base URL of the npm registry.
113 See Also
115 • libnpmaccess ⟨https://npm.im/libnpmaccess⟩
116 • npm help team
118 • npm help publish
120 • npm help config
122 • npm help registry
124 November 2023 NPM-ACCESS(1)