w3resource

Working with Private npm Packages: Setup, Publishing, and Access Control


To use private packages, your npm version must be greater than 2.7.0, and you must also be a paid npm user.

npm private packages enable you to use the npm registry to host your own private code and the npm command line to manage it. This makes it easy to use public packages such as Browserify and Express side-by-side with your private code.

First steps (Before we start)

The first thing to do is to log in to npm again once you have upgraded to the most recent version.

npm install -g npm
npm login

Setting up your package

Every private package is scoped. If you have a package whose name begins with @, then that package is a scoped package. The scope consists of everything that is between the @ and the slash.

@scope/project-name

As an individual user, when you sign up for private modules, your scope will be your username. If you created an npm Org, the orgname can be the scope. Orgs can be either free or paid. The only free way to use scopes in package names is to use a public Org.

@username/project-name
@orgname/project-name

If you use npm init to initialize your package, pass in your scope with the command below:

npm init --scope=<your_scope>

If you use the same scope most of the time, you will probably want to set it in your default configuration like this:

npm config set scope <your_scope>

Publishing your package

It is easy to publish your package; all you need to do is to run the command below:

npm publish

Scoped packages are published as private by default. Once you have published it, you should be able to see it on the website with a private flag.
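A pre-publish check for the rules above, as an added example (not from the original tutorial or from npm): it confirms the package name is scoped to an expected scope and that publishConfig.access does not override the private default. The allowed scope list, the function names and the sample manifests are assumptions made for illustration, and the name pattern is a conservative approximation of npm's naming rules.

```javascript
// Added example: pre-publish guard for scoped private packages.
// ALLOWED_SCOPES is a hypothetical list of the scopes your account or Org owns.
const ALLOWED_SCOPES = new Set(['orgname']);

// Split "@scope/project-name" into scope and project; null if unscoped or malformed.
// The pattern is deliberately stricter than npm's own validation (assumption).
function parseScopedName(name) {
  if (typeof name !== 'string') return null;
  const m = /^@([a-z0-9][a-z0-9._~-]*)\/([a-z0-9][a-z0-9._~-]*)$/.exec(name);
  return m ? { scope: m[1], project: m[2] } : null;
}

// Return the reasons this manifest should not be published as private code.
function publishProblems(manifest, allowedScopes = ALLOWED_SCOPES) {
  const problems = [];
  const parsed = parseScopedName(manifest.name);
  if (!parsed) {
    problems.push(`"${manifest.name}" is not a scoped name, so it cannot be private`);
  } else if (!allowedScopes.has(parsed.scope)) {
    problems.push(`scope "@${parsed.scope}" is not in the allowed list`);
  }
  // publishConfig.access in package.json overrides the default access level.
  const cfg = manifest.publishConfig || {};
  if (cfg.access === 'public') {
    problems.push('publishConfig.access is "public", overriding the private default');
  }
  return problems;
}

// Constructed sample manifests (package.json contents), not real packages.
const samples = [
  { name: '@orgname/project-name', version: '1.0.0' },
  { name: 'project-name', version: '1.0.0' },
  { name: '@orgname/project-name', version: '1.0.0', publishConfig: { access: 'public' } },
  { name: '@other-org/project-name', version: '1.0.0' },
];

for (const s of samples) {
  const problems = publishProblems(s);
  console.log(s.name, problems.length ? 'BLOCK: ' + problems.join('; ') : 'ok');
}
```

Run it against your own package.json (for example from a prepublishOnly script) and stop the publish when the returned list is not empty.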

Sharing access from the web

If you want to grant access to someone, they have to be subscribed to private packages as well. Once they are, you can grant them read-write access. Alternatively, you can set up an npm Org that gives them access through Orgs and teams.

If you want to give someone access without using an Org, navigate to the package page. You can find it here: https://www.npmjs.com/package/your-package-name

To control access to the package, click the + button under collaborators.

Then add the appropriate username and click submit.

Sharing access from the CLI

You can also add collaborators on the command line:

npm owner add <user> <package name>

Installing private packages

To install a private package, you need to have access to it. You can then run install with the scoped package name.

npm install @scope/project-name

You also use the scoped package name when you require it:

var project = require('@scope/project-name')

Switching from private to public

By default, all scoped packages are private. This ensures that you do not make something public by accident. This can be changed on the access page.

You can manage package access via the command line as well. The command below sets a package to restricted (private) access:

npm access restricted <package_name>

The package will be removed from listings on the site within a few minutes of making it private.
