libnpmaccess

libnpmaccess

libnpmaccess is a Node.js library that provides programmatic access to the guts of the npm CLI's npm access command. This includes managing account mfa settings, listing packages and permissions, looking at package collaborators, and defining package permissions for users, orgs, and teams.

Example

const access = require('libnpmaccess')
const opts = { '//registry.npmjs.org/:_authToken: 'npm_token }

// List all packages @zkat has access to on the npm registry.
console.log(Object.keys(await access.getPackages('zkat', opts)))

API

opts for all libnpmaccess commands

libnpmaccess uses npm-registry-fetch.

All options are passed through directly to that library, so please refer to its own opts documentation for options that can be passed in.

spec parameter for all libnpmaccess commands

spec must be an npm-package-arg-compatible registry spec.

access.getCollaborators(spec, opts) -> Promise<Object>

Gets collaborators for a given package

access.getPackages(user|scope|team, opts) -> Promise<Object>

Gets all packages for a given user, scope, or team.

Teams should be in the format scope:team or @scope:team

Users and scopes can be in the format @scope or scope

access.getVisibility(spec, opts) -> Promise<Object>

Gets the visibility of a given package

access.removePermissions(team, spec, opts) -> Promise<Boolean>

Removes the access for a given team to a package.

Teams should be in the format scope:team or @scope:team

access.setAccess(package, access, opts) -> Promise<Boolean>

Sets access level for package described by spec.

The npm registry accepts the following access levels:

• public: package is public
• private: package is private

The npm registry also only allows scoped packages to have their access level set.

access.setMfa(spec, level, opts) -> Promise`

Sets the publishing mfa requirements for a given package. Level must be one of the following:

• none: mfa is not required to publish this package.
• publish: mfa is required to publish this package, automation tokens cannot be used to publish.
• automation: mfa is required to publish this package, automation tokens may also be used for publishing from continuous integration workflows.

access.setPermissions(team, spec, permissions, opts) -> Promise`

Sets permissions levels for a given team to a package.

Teams should be in the format scope:team or @scope:team

The npm registry accepts the following permissions:

• read-only: Read only permissions
• read-write: Read and write (aka publish) permissions

Similar packages

Other packages similar to libnpmaccess

npm

The npm package itself provides CLI commands for managing access control, such as `npm access grant` and `npm access revoke`. While libnpmaccess offers programmatic access, the npm package is more suited for command-line operations.

np

The np package is a streamlined tool for publishing npm packages. It includes some access control features but is primarily focused on simplifying the publishing process. It does not offer the same level of granularity in access control as libnpmaccess.

npm-cli-login

The npm-cli-login package is used for programmatically logging into npm. While it does not manage access control, it is often used in conjunction with other tools that do. It complements libnpmaccess by handling authentication.