Can I have a package.json but avoid my project from getting published to npm servers?

Can I have a package.json but avoid my project from getting published to npm servers?

Problem

Basically the thing is I’m working on a project that uses grunt for build tasks and as I have a few dependencies here and there I thought it was a good idea to declare those on a package.json so that my co-workers can npm install without being required to manually install every package at the correct version.

Now the thing is, what if someone “accidentally” runs npm publish? Is there a way to have the package.json while keeping my stuff private?

Problem courtesy of: gonchuki

Solution

Yes, set private to true.

If you set "private": true in your package.json, then npm will refuse to publish it.

This is a way to prevent accidental publication of private repositories. If you would like to ensure that a given package is only ever published to a specific registry (for example, an internal registry), then use the publishConfig hash described below to override the registry config param at publish-time.

Solution courtesy of: josh3736

Discussion

Leave a Reply

Your email address will not be published. Required fields are marked *