Creating and publishing scoped public packages
To share your code publicly in a user or organization namespace, you can publish public user-scoped or organization-scoped packages to the npm registry.
For more information on scopes, see "About scopes".
Note: Before you can publish user-scoped npm packages, you must sign up for an npm user account.
Additionally, to publish organization-scoped packages, you must create an npm user account, then create an npm organization.
Creating a scoped public package
If you are using npmrc to manage accounts on multiple registries, on the command line, switch to the appropriate profile:npmrc <profile-name>
On the command line, create a directory for your package:mkdir my-test-package
Navigate to the root directory of your package:cd my-test-package
If you are using git to manage your package code, in the package root directory, run the following commands, replacing
git-remote-urlwith the git remote URL for your package:git initgit remote add origin git://git-remote-url
In the package root directory, run the
npm initcommand and pass the scope to the
For an organization-scoped package, replace
my-orgwith the name of your organization:npm init --scope=@my-org
For a user-scoped package, replace
my-usernamewith your username:npm init --scope=@my-username
Respond to the prompts to generate a
package.jsonfile. For help naming your package, see "Package name guidelines".
Create a README file that explains what your package code is and how to use it.
In your preferred text editor, write the code for your package.
Reviewing package contents for sensitive or unnecessary information
Publishing sensitive information to the registry can harm your users, compromise your development infrastructure, be expensive to fix, and put you at risk of legal action. We strongly recommend removing sensitive information, such as private keys, passwords, personally identifiable information (PII), and credit card data before publishing your package to the registry.
For less sensitive information, such as testing data, use a
.gitignore file to prevent publishing to the registry. For more information, see this article.
Testing your package
To reduce the chances of publishing bugs, we recommend testing your package before publishing it to the npm registry. To test your package, run
npm install with the full path to your package directory:
npm install my-package
Publishing scoped public packages
By default, scoped packages are published with private visibility. To publish a scoped package with public visibility, use
npm publish --access public.
On the command line, navigate to the root directory of your package.cd /path/to/package
To publish your scoped public package to the npm registry, run:npm publish --access public
Note: If you use GitHub Actions to publish your packages, you can generate provenance information for each package you publish. For more information, see "Generating provenance statements."
To see your public package page, visit https://npmjs.com/package/\*package-name\*, replacing *package-name* with the name of your package. Public packages will say
publicbelow the package name on the npm website.
For more information on the
publish command, see the CLI documentation.