36

Basically the thing is I'm working on a project that uses grunt for build tasks and as I have a few dependencies here and there I thought it was a good idea to declare those on a package.json so that my co-workers can npm install without being required to manually install every package at the correct version.

Now the thing is, what if someone "accidentally" runs npm publish? Is there a way to have the package.json while keeping my stuff private?

4

2 回答 2

61

Yes, set private to true.

If you set "private": true in your package.json, then npm will refuse to publish it.

This is a way to prevent accidental publication of private repositories. If you would like to ensure that a given package is only ever published to a specific registry (for example, an internal registry), then use the publishConfig hash described below to override the registry config param at publish-time.

于 2013-03-29T21:34:30.887 回答
8

You can set "private" : true in your package.json file

Your CoWorkers will get an error if they try to publish it

于 2013-03-29T21:34:37.030 回答