| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 |
- .TH "NPM-ACCESS" "1" "March 2026" "NPM@11.12.0" ""
- .SH "NAME"
- \fBnpm-access\fR - Set access level on published packages
- .SS "Synopsis"
- .P
- .RS 2
- .nf
- npm access list packages \[lB]<user>|<scope>|<scope:team>\[rB] \[lB]<package>\[rB]
- npm access list collaborators \[lB]<package> \[lB]<user>\[rB]\[rB]
- npm access get status \[lB]<package>\[rB]
- npm access set status=public|private \[lB]<package>\[rB]
- npm access set mfa=none|publish|automation \[lB]<package>\[rB]
- npm access grant <read-only|read-write> <scope:team> \[lB]<package>\[rB]
- npm access revoke <scope:team> \[lB]<package>\[rB]
- .fi
- .RE
- .P
- Note: This command is unaware of workspaces.
- .SS "Description"
- .P
- Used to set access controls on private packages.
- .P
- For all of the subcommands, \fBnpm access\fR will perform actions on the packages in the current working directory if no package name is passed to the subcommand.
- .RS 0
- .IP \(bu 4
- grant / revoke: Add or remove the ability of users and teams to have read-only or read-write access to a package.
- .RE 0
- .SS "Details"
- .P
- \fBnpm access\fR always operates directly on the current registry, configurable from the command line using \fB--registry=<registry url>\fR.
- .P
- Unscoped packages are \fIalways public\fR.
- .P
- Scoped packages \fIdefault to restricted\fR, but you can either publish them as public using \fBnpm publish --access=public\fR, or set their access as public using \fBnpm access set status=public\fR after the initial publish.
- .P
- You must have privileges to set the access of a package:
- .RS 0
- .IP \(bu 4
- You are an owner of an unscoped or scoped package.
- .IP \(bu 4
- You are a member of the team that owns a scope.
- .IP \(bu 4
- You have been given read-write privileges for a package, either as a member of a team or directly as an owner.
- .RE 0
- .P
- If you have two-factor authentication enabled then you'll be prompted to provide a second factor, or may use the \fB--otp=...\fR option to specify it on the command line.
- .P
- If your account is not paid, then attempts to publish scoped packages will fail with an HTTP 402 status code (logically enough), unless you use \fB--access=public\fR.
- .P
- Management of teams and team memberships is done with the \fBnpm team\fR command.
- .SS "Configuration"
- .SS "\fBjson\fR"
- .RS 0
- .IP \(bu 4
- Default: false
- .IP \(bu 4
- Type: Boolean
- .RE 0
- .P
- Whether or not to output JSON data, rather than the normal output.
- .RS 0
- .IP \(bu 4
- In \fBnpm pkg set\fR it enables parsing set values with JSON.parse() before saving them to your \fBpackage.json\fR.
- .RE 0
- .P
- Not supported by all npm commands.
- .SS "\fBotp\fR"
- .RS 0
- .IP \(bu 4
- Default: null
- .IP \(bu 4
- Type: null or String
- .RE 0
- .P
- This is a one-time password from a two-factor authenticator. It's needed when publishing or changing package permissions with \fBnpm access\fR.
- .P
- If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
- .SS "\fBregistry\fR"
- .RS 0
- .IP \(bu 4
- Default: "https://registry.npmjs.org/"
- .IP \(bu 4
- Type: URL
- .RE 0
- .P
- The base URL of the npm registry.
- .SS "See Also"
- .RS 0
- .IP \(bu 4
- \fB\[rs]fBlibnpmaccess\[rs]fR\fR \fI\(lahttps://npm.im/libnpmaccess\(ra\fR
- .IP \(bu 4
- npm help team
- .IP \(bu 4
- npm help publish
- .IP \(bu 4
- npm help config
- .IP \(bu 4
- npm help registry
- .RE 0
|
