To share your code with a limited set of users or teams, you can publish private user-scoped or Org-scoped packages to the npm registry.
git-remote-urlwith the git remote URL for your package:
git init git remote add origin git://git-remote-url
npm initcommand and pass the scope to the
my-orgwith the name of your Org:
my-usernamewith your username:
package.jsonfile. For help naming your package, see “Package name guidelines”.
Publishing sensitive information to the registry can harm your users, compromise your development infrastructure, be expensive to fix, and put you at risk of legal action. We strongly recommend removing sensitive information, such as private keys, passwords, [personally identifiable information][pii] (PII), and credit card data before publishing your package to the registry. Even if your package is private, sensitive information can be exposed if the package is made public or downloaded to a computer that can be accessed by more users than intended.
For less sensitive information, such as testing data, use a
.gitignore file to prevent publishing to the registry. For more information, see this article.
To reduce the chances of publishing bugs, we recommend testing your package before publishing it to the npm registry. To test your package, run
npm install with the full path to your package directory:
npm install my-package
By default, scoped packages are published with private visibility.
privatebelow the package name on the npm website.
For more information on the
publish command, see the CLI documentation.