Skip to content

fix!: default opts.access to null to preserve registry behavior #9419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
owlstronaut merged 1 commit into from
May 28, 2026
+14 −7
Merged

fix!: default opts.access to null to preserve registry behavior #9419

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions workspaces/libnpmpublish/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,13 @@ A couple of options of note:
defaults to `latest`.

* `opts.access` - tells the registry whether this package should be
published as `public` or `restricted`. Only applies to scoped
packages. Defaults to `public`.
published as `'public'` or `'restricted'`. May also be `null`, which
preserves the existing access level on already-published packages and
defers to the registry's default for new packages (the registry treats
scoped packages as `restricted` and unscoped packages as `public` by
default). Only `'restricted'` and `null` are meaningful for scoped
packages; `'restricted'` is rejected for unscoped packages. Defaults to
`null`.

* `opts.token` - can be passed in and will be used as the authentication
token for the registry. For other ways to pass in auth details, see the
Expand Down
2 changes: 1 addition & 1 deletion workspaces/libnpmpublish/lib/publish.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Remove the 'private' field from the package.json to publish it.`),
// spec is used to pick the appropriate registry/auth combo
const spec = npa.resolve(manifest.name, manifest.version)
opts = {
access: 'public',
access: null,
algorithms: ['sha512'],
defaultTag: 'latest',
...opts,
Expand Down
10 changes: 6 additions & 4 deletions workspaces/libnpmpublish/test/publish.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ t.test('basic publish - no npmVersion', async t => {
},
},
},
access: 'public',
access: null,
_attachments: {
'libnpmpublish-test-1.0.0.tgz': {
content_type: 'application/octet-stream',
Expand Down Expand Up @@ -110,7 +110,7 @@ t.test('scoped publish', async t => {
},
},
},
access: 'public',
access: null,
_attachments: {
'@npmcli/libnpmpublish-test-1.0.0.tgz': {
content_type: 'application/octet-stream',
Expand Down Expand Up @@ -302,7 +302,7 @@ t.test('other error code', async t => {
const packument = {
name: 'libnpmpublish',
description: 'some stuff',
access: 'public',
access: null,
_id: 'libnpmpublish',
'dist-tags': {
latest: '1.0.0',
Expand Down Expand Up @@ -546,6 +546,7 @@ t.test('publish existing package with provenance in gha', async t => {

const ret = await publish(manifest, tarData, {
...opts,
access: 'public',
provenance: true,
fulcioURL: fulcioURL,
rekorURL: rekorURL,
Expand Down Expand Up @@ -766,7 +767,7 @@ t.test('user-supplied provenance - success', async t => {
},
},
},
access: 'public',
access: null,
_attachments: {
'@npmcli/libnpmpublish-test-1.0.0.tgz': {
content_type: 'application/octet-stream',
Expand Down Expand Up @@ -1091,6 +1092,7 @@ t.test('publish existing package with provenance in gitlab', async t => {

const ret = await publish(manifest, tarData, {
...opts,
access: 'public',
provenance: true,
fulcioURL: fulcioURL,
rekorURL: rekorURL,
Expand Down
Loading