Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
libnpmteam
libnpmteam is a Node.js library that provides programmatic access to the guts of the npm CLI's npm team command and its various subcommands.
const team = require('libnpmteam')
// List all teams for the @npm org.
// await needs an async function when the module is loaded with require().
;(async () => {
  console.log(await team.lsTeams('npm'))
})()
$ git commit -m "chore: updated CHANGELOG.md"
npm version {newVersion}
# Example
$ npm version patch
# 1. Runs `coverage` and `lint` scripts
# 2. Bumps package version; and **create commit/tag**
# 3. Runs `npm publish`; publishing directory with **unpushed commit**
# 4. Runs `git push origin --follow-tags`
$ npm install libnpmteam
opts for libnpmteam commands
libnpmteam uses npm-registry-fetch. All options are passed through directly to that library, so please refer to its own opts documentation for options that can be passed in.
A couple of options of note for those in a hurry:
opts.token - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.
opts.otp - certain operations will require an OTP token to be passed in. If a libnpmteam command fails with err.code === 'EOTP', please retry the request with {otp: <2fa token>}.
> team.create(team, [opts]) -> Promise
Creates a team named team. Team names use the format @<scope>:<name>, with the @ being optional.
Additionally, opts.description may be passed in to include a description.
await team.create('@npm:cli', {token: 'myregistrytoken'})
// The @npm:cli team now exists.
> team.destroy(team, [opts]) -> Promise
Destroys a team named team. Team names use the format @<scope>:<name>, with the @ being optional.
await team.destroy('@npm:cli', {token: 'myregistrytoken'})
// The @npm:cli team has been destroyed.
> team.add(user, team, [opts]) -> Promise
Adds user to team.
await team.add('zkat', '@npm:cli', {token: 'myregistrytoken'})
// @zkat now belongs to the @npm:cli team.
> team.rm(user, team, [opts]) -> Promise
Removes user from team.
await team.rm('zkat', '@npm:cli', {token: 'myregistrytoken'})
// @zkat is no longer part of the @npm:cli team.
> team.lsTeams(scope, [opts]) -> Promise
Resolves to an array of team names belonging to scope.
await team.lsTeams('@npm', {token: 'myregistrytoken'})
=>
[
'npm:cli',
'npm:web',
'npm:registry',
'npm:developers'
]
> team.lsTeams.stream(scope, [opts]) -> Stream
Returns a stream of teams belonging to scope.
For a Promise-based version of these results, see team.lsTeams().
// The loop variable must not be named team: that would shadow the imported module.
for await (const name of team.lsTeams.stream('@npm', {token: 'myregistrytoken'})) {
  console.log(name)
}
// outputs
// npm:cli
// npm:web
// npm:registry
// npm:developers
> team.lsUsers(team, [opts]) -> Promise
Resolves to an array of usernames belonging to team.
For a streamed version of these results, see team.lsUsers.stream().
await team.lsUsers('@npm:cli', {token: 'myregistrytoken'})
=>
[
'iarna',
'zkat'
]
> team.lsUsers.stream(team, [opts]) -> Stream
Returns a stream of usernames belonging to team.
For a Promise-based version of these results, see team.lsUsers().
for await (let user of team.lsUsers.stream('@npm:cli', {token: 'myregistrytoken'})) {
  console.log(user)
}
// outputs
// iarna
// zkat
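The listing calls above are enough to run a periodic access review of an org's teams. The following is an added example, not code from the libnpmteam project: auditTeams, the roster shape, the stub client and the NPM_TOKEN variable name are assumptions, and in real use the client argument would be require('libnpmteam').

```javascript
// Added example: compare live npm team membership with a reviewed roster.
// `client` must expose lsTeams(scope, opts) and lsUsers(team, opts) as documented
// above; in real use pass require('libnpmteam'). The roster shape is an assumption.
async function auditTeams (client, scope, roster, opts = {}) {
  const findings = []
  const teams = await client.lsTeams(scope, opts) // e.g. ['npm:cli', 'npm:web']

  for (const name of teams) {
    const members = await client.lsUsers(name, opts) // leading @ is optional
    const allowed = roster[name]
    if (!allowed) {
      // A team that was never reviewed is reported together with its members.
      findings.push({ issue: 'unreviewed-team', team: name, members })
      continue
    }
    for (const user of members) {
      if (!allowed.includes(user)) findings.push({ issue: 'unexpected-member', team: name, user })
    }
    for (const user of allowed) {
      if (!members.includes(user)) findings.push({ issue: 'missing-member', team: name, user })
    }
  }
  for (const name of Object.keys(roster)) {
    if (!teams.includes(name)) findings.push({ issue: 'missing-team', team: name })
  }
  return findings
}

// Constructed stand-in for the registry so the example runs offline.
const sampleData = {
  'npm:cli': ['iarna', 'zkat'],
  'npm:web': ['zkat', 'former-contractor'],
  'npm:scratch': ['zkat']
}
const sampleClient = {
  lsTeams: async () => Object.keys(sampleData),
  lsUsers: async (team) => sampleData[team]
}
// Constructed roster: who is supposed to be on each team.
const sampleRoster = {
  'npm:cli': ['iarna', 'zkat'],
  'npm:web': ['zkat'],
  'npm:registry': ['iarna']
}

// The token comes from the environment (assumed variable name), not from source.
auditTeams(sampleClient, '@npm', sampleRoster, { token: process.env.NPM_TOKEN })
  .then((findings) => console.log(JSON.stringify(findings, null, 2)))
```

Reading the token from the environment keeps it out of the repository; the audit itself only needs the read-only listing calls.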
FAQs
npm Team management APIs
The npm package libnpmteam receives a total of 567,563 weekly downloads. As such, libnpmteam popularity was classified as popular.
We found that libnpmteam demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.