Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
By Sarah Gooding - Sep 20, 2024
libnpmaccess
Advanced tools
What is libnpmaccess?
The libnpmaccess package is a Node.js library that provides programmatic access to the npm access control features. It allows you to manage package access permissions, such as granting or revoking access to npm packages for different users or teams.
What are libnpmaccess's main functionalities?
Grant Access
This feature allows you to grant access to a specific npm package for a user or team. In the code sample, 'read-write' access is granted to 'my-package' for the user 'username'.
const access = require('libnpmaccess');
async function grantAccess() {
await access.grant('read-write', 'my-package', 'user:username');
console.log('Access granted');
}
grantAccess();Revoke Access
This feature allows you to revoke access to a specific npm package for a user or team. In the code sample, access to 'my-package' is revoked for the user 'username'.
const access = require('libnpmaccess');
async function revokeAccess() {
await access.revoke('my-package', 'user:username');
console.log('Access revoked');
}
revokeAccess();List Access
This feature allows you to list the access permissions for a specific npm package. In the code sample, the access permissions for 'my-package' are listed.
const access = require('libnpmaccess');
async function listAccess() {
const accessList = await access.lsPackages('my-package');
console.log(accessList);
}
listAccess();Other packages similar to libnpmaccess
npm
The npm package itself provides CLI commands for managing access control, such as `npm access grant` and `npm access revoke`. While libnpmaccess offers programmatic access, the npm package is more suited for command-line operations.
np
The np package is a streamlined tool for publishing npm packages. It includes some access control features but is primarily focused on simplifying the publishing process. It does not offer the same level of granularity in access control as libnpmaccess.
npm-cli-login
The npm-cli-login package is used for programmatically logging into npm. While it does not manage access control, it is often used in conjunction with other tools that do. It complements libnpmaccess by handling authentication.
libnpmaccess
libnpmaccess is a Node.js
library that provides programmatic access to the guts of the npm CLI's npm access command. This includes managing account mfa settings, listing
packages and permissions, looking at package collaborators, and defining
package permissions for users, orgs, and teams.
Example
const access = require('libnpmaccess')
const opts = { '//registry.npmjs.org/:_authToken: 'npm_token }
// List all packages @zkat has access to on the npm registry.
console.log(Object.keys(await access.getPackages('zkat', opts)))
API
opts for all libnpmaccess commands
libnpmaccess uses npm-registry-fetch.
All options are passed through directly to that library, so please refer
to its own opts
documentation
for options that can be passed in.
spec parameter for all libnpmaccess commands
spec must be an npm-package-arg-compatible
registry spec.
access.getCollaborators(spec, opts) -> Promise<Object>
Gets collaborators for a given package
access.getPackages(user|scope|team, opts) -> Promise<Object>
Gets all packages for a given user, scope, or team.
Teams should be in the format scope:team or @scope:team
Users and scopes can be in the format @scope or scope
access.getVisibility(spec, opts) -> Promise<Object>
Gets the visibility of a given package
access.removePermissions(team, spec, opts) -> Promise<Boolean>
Removes the access for a given team to a package.
Teams should be in the format scope:team or @scope:team
access.setAccess(package, access, opts) -> Promise<Boolean>
Sets access level for package described by spec.
The npm registry accepts the following access levels:
public: package is public
private: package is private
The npm registry also only allows scoped packages to have their access level set.
access.setMfa(spec, level, opts) -> Promise`
Sets the publishing mfa requirements for a given package. Level must be one of the following
none: mfa is not required to publish this package.
publish: mfa is required to publish this package, automation tokens
cannot be used to publish.
automation: mfa is required to publish this package, automation tokens
may also be used for publishing from continuous integration workflows.
access.setPermissions(team, spec, permssions, opts) -> Promise`
Sets permissions levels for a given team to a package.
Teams should be in the format scope:team or @scope:team
The npm registry accepts the following permissions:
read-only: Read only permissions
read-write: Read and write (aka publish) permissions
FAQs
programmatic library for `npm access` commands
The npm package libnpmaccess receives a total of 1,409,287 weekly downloads. As such, libnpmaccess popularity was classified as popular.
We found that libnpmaccess demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 06 Dec 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Understanding License Exceptions: What Developers Need to Know
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
By Sarah Gooding - Sep 20, 2024
Security News
Developer Accuses Tencent of Copyright Violation After Python Utility’s License Changed from GPLv3 to BSD
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.
By Sarah Gooding - Sep 18, 2024