LinuxCommandLibrary

npm-access

Manage npm package access and visibility

TLDR

List packages for a user or scope

$ npm access list packages [user|scope|scope:team] [package_name]

List collaborators on a package
$ npm access list collaborators [package_name] [username]

Get status of a package
$ npm access get status [package_name]

Set package status (public or private)
$ npm access set status [public|private] [package_name]

Grant access to a package
$ npm access grant [read-only|read-write] [scope:team] [package_name]

Revoke access to a package
$ npm access revoke [scope:team] [package_name]

Configure two-factor authentication requirement
$ npm access set mfa [none|publish|automation] [package_name]

SYNOPSIS

npm access subcommand

PARAMETERS

grant grant scope:team
    Grants the specified grant (read-only or read-write) access to the provided scope:team. Requires the `--otp` parameter if two-factor authentication is enabled.

revoke grant scope:team
    Revokes the specified grant (read-only or read-write) access to the provided scope:team. Requires the `--otp` parameter if two-factor authentication is enabled.

ls-packages [scope]
    Lists all packages in the given scope and their respective access levels. If no scope is specified, lists all packages you own.

ls-collaborators [package]
    Lists all collaborators for the given package and their access levels. If no package is specified, lists collaborators for all packages you own.

public [package]
    Sets the package to be publicly accessible. Note: you must first set the package to unpublished before making it public.

restricted [package]
    Sets the package to be restricted, requiring authorization for access. Note: you must first publish the package before restricting access.

--otp=otpcode
    When publishing with two-factor authentication enabled, this supplies a time-based one-time password from an authenticator app.

DESCRIPTION

The `npm-access` command allows you to manage access permissions for npm packages, granting or revoking read and write access to scopes or individual packages within the npm registry. This command is crucial for controlling who can publish and consume packages, ensuring the security and integrity of your software supply chain. It's typically used within organizations or by package maintainers who want to delegate access rights to collaborators. `npm access` enables you to grant access to entire scopes or only to specified packages. Correct use of this command is very important for security reasons. For this reason, you should carefully consider which privileges to assign to other users and teams so that you do not compromise package integrity and security.

CAVEATS

Requires authentication with the npm registry using `npm login` before use. Incorrect use of access controls can lead to unintended exposure or denial of access to packages.
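
A least-privilege check on the collaborator list, as an added example that is not part of the original page or of npm itself: it compares the JSON from `npm access list collaborators [package_name] --json` with an intended policy and reports anyone who is unexpected or over-privileged. The JSON shape (collaborator name mapped to `read-only` or `read-write`), the `COLLABORATORS_JSON` variable and all user names are assumptions made for the example.

```javascript
// Added example (not from npm or the original page): least-privilege review of
// the collaborators on a package.
// Assumption: `npm access list collaborators <package> --json` prints an object
// mapping each collaborator name to "read-only" or "read-write".
const RANK = { "read-only": 1, "read-write": 2 };
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Compare the registry's answer with an intended policy and return every
// collaborator who is unexpected or holds more access than the policy grants.
function auditCollaborators(jsonText, policy) {
  const actual = JSON.parse(jsonText);
  const findings = [];
  for (const [name, level] of Object.entries(actual)) {
    if (!has(RANK, level)) {
      findings.push({ name, level, issue: "unrecognized access level" });
    } else if (!has(policy, name)) {
      findings.push({ name, level, issue: "not in policy" });
    } else if (RANK[level] > RANK[policy[name]]) {
      findings.push({ name, level, issue: `policy allows only ${policy[name]}` });
    }
  }
  // Policy entries missing from the registry point at a stale policy file.
  for (const name of Object.keys(policy)) {
    if (!has(actual, name)) {
      findings.push({ name, level: "none", issue: "in policy but has no access" });
    }
  }
  return findings;
}

// Constructed sample data: hypothetical users, not real registry output.
const SAMPLE_OUTPUT = JSON.stringify({
  alice: "read-write",
  "build-bot": "read-write",
  carol: "read-only",
  mallory: "read-write",
});
const SAMPLE_POLICY = {
  alice: "read-write",
  "build-bot": "read-only",
  carol: "read-only",
  dave: "read-only",
};

// Pass real output via COLLABORATORS_JSON; otherwise the sample is audited.
const input = process.env.COLLABORATORS_JSON || SAMPLE_OUTPUT;
for (const f of auditCollaborators(input, SAMPLE_POLICY)) {
  console.log(`${f.name}: ${f.level} (${f.issue})`);
}
```

To audit a real package, replace `SAMPLE_POLICY` with your own and run the script with `COLLABORATORS_JSON` set to the command's JSON output.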

SCOPES

Scopes are namespaces for packages, denoted by `@` followed by an organization or username (e.g., `@myorg/mypackage`). Scopes provide a mechanism for organizing and controlling access to packages within an organization or group.

TEAMS

Teams are groups of npm users. You can grant access to a team, allowing all members of that team to have the specified access level. This simplifies access management for larger groups.

HISTORY

The `npm-access` command was introduced as part of npm to provide more granular control over package access permissions, addressing the need for better collaboration and security within the npm ecosystem. Prior to its introduction, package access was primarily managed through user accounts and teams, but `npm-access` offered a more flexible and refined approach.

SEE ALSO

npm-owner(1), npm-publish(1), npm-adduser(1), npm-team(1)
