Table of contents
1. Change the visibility of the package
1.1 Make the public package private
1.2 Make private packages public
2. Add collaborators to private packages owned by the user account
2.1 Granting access to private user packages on the web
2.2 Grant private package access from the command line interface
2.3 Granting access to private organization packages
3. Update the version number of the published software package
4. Deprecated and deprecated packages or package versions
4.1 Deprecate the entire package
4.2 Deprecating a single version of a package
4.3 De-recommended use of a package or version
4.4 Moving deprecated packages to npm
5. Unpublish the package from the registry
5.2 Unpublish a single version of a package
1. Change the visibility of the package
You can change the visibility of scoped packages from the website or from the command line.
You must be the owner of the user account or organization that owns the package to change the visibility of the package.
1.1 Make the public package private
If you want to limit access and visibility to a public package that you own, you can make that package private. When you make a package private, its access permissions are updated immediately and will be removed from the website within minutes of the change.
Note: Making a package private requires a paid user account or organization. To register a paid user or organization
This means upgrading to a paid user, which requires paying $7/month to publish private packages and add collaborators.
use the site
- On the npm website , go to the package page.
- On the package page, click Settings.
- Under "Package Access", select "Is the package private?"
- Click Update Package Settings.
using the command line
To make a public package private on the command line, run the following command, substituting <package-name>
the name of your package:
npm access restricted <package-name>
1.2 Make private packages public
Note: When you make a private package public, the package will be visible and downloadable to all npm users.
use the site
- On the npm website , go to the package page.
- On the package page, click Settings.
- Under "Package Access", deselect "Is the package private?"
- Click Update Package Settings.
using the command line
To make a public package private on the command line, run the following command, substituting <package-name>
the name of your package:
npm access public <package-name>
2. Add collaborators to private packages owned by the user account
As an npm user with a paid user account, you can add another npm user with a paid account as a collaborator on a private package you own.
Note: The users you want to add as collaborators on private packages must have paid user accounts.
2.1 Granting access to private user packages on the web
- On the npm site , go to the package you want to add a collaborator to:
https://www.npmjs.com/package/<your-package-name>
- On the package page, under Collaborators, click +.
- Enter the collaborator's npm username.
- Click Submit.
2.2 Grant private package access from the command line interface
To add a collaborator to a package on the command line, run the following command, substituting the <user>
collaborator's npm username and <your-package-name>
substituting the name of the private package:
npm owner add <user> <your-package-name>
2.3 Granting access to private organization packages
To grant npm users access to private org packages, you must have the org owner add them to your org, and then add them to a team that has access to private packages.
3. Update the version number of the published software package
When you make breaking changes to a published package, we recommend that you update the version number to communicate the scope of the change to others who depend on your code.
Note: If you have linked the git repository to a package, updating the package version number will also add a tag with the updated version number to the linked git repository.
1. To change package.json
the version number in , run the following command in the package root directory on the command line, substituting <update_type>
one of the Semantic Versioning Semantic Versioning release types (patch, major, or minor):
npm version <update_type>
Or directly modify the version field in package.json.
2. Run the npm publish command.
3. Go to your package page ( https://npmjs.com/package/<package>
) to check if the package version has been updated.
4. Deprecated and deprecated packages or package versions
You can deprecate a package if you no longer wish to maintain it, or if you want to encourage users to update to a new or different version . Deprecating a package or version will print a message to the terminal when the user installs that package or version.
A deprecation warning or message can say anything. You may wish to include a message encouraging users to update to a specific version or other supported package.
NOTE: We strongly recommend deprecating a package or package version rather than unpublishing unpublishing unpublishing them, as unpublishing completely removes a package from the registry, meaning that anyone who depends on it will no longer be able to use it it, and no warning is issued.
4.1 Deprecate the entire package
Deprecation of the entire package will be removed from the npm website, and the deprecation message will also be displayed on the package page.
Operations using the site
1. Log in to the npm account.
2. Click the avatar in the upper right corner, select package from the drop-down list, and select the corresponding package. The corresponding address is: jiang-isarray - npm (npmjs.com) https://www.npmjs.com/package/jiang-isarray
3. Click the "settings" tab page and drop down to the bottom.
4. Click the "Deprecate package" button.
5. If you continue to delete, enter the package name, click "Deprecat package" to deprecate and submit, and the interface will be verified according to the package name.
using the command line
To deprecate an entire package, run the following command, substituting <package-name>
the name of the package "<message>"
with the deprecation message:
npm deprecate <package-name> "<message>"
If you have enabled Two-Factor Authentication Two-Factor Authentication Two-Factor Authentication , --otp=123456
add a one-time password to the command (where 123456 is the code from your authenticator app).
4.2 Deprecating a single version of a package
When you deprecate a version of a package, a red message appears on the package page for that version, similar to deprecating an entire package.
using the command line
To deprecate a package version, run the following command, <package-name>
replacing with your package name, <version>
replacing with your version number, "<message>"
replacing with your deprecation message:
npm deprecate <package-name>@<version> "<message>"
4.3 De-recommended use of a package or version
To undeprecate a package, replace with (empty string) in one of the above commands."<message>"""
For example, to undeprecate a package version, run the following command, substituting the package name and version number:<package-name><version>
npm deprecate <package-name>@<version> ""
4.4 Moving deprecated packages to npm
If you no longer maintain a package, but other users depend on it, and you wish to remove it from your user profile, you can transfer it to the @npm user account owned by the npm registry.
NOTE: Once a package is transferred to an npm account, you will no longer be able to update it.
To transfer a package to an npm user account, run the following two commands in order, substituting the npm username and the package to transfer:<user>
<package-name>
<span style="color:#393a34"><span style="background-color:#f6f8fa">
</span></span>
npm owner add npm <package-name>
npm owner rm <user> <package-name>
5. Unpublish the package from the registry
As a package owner or collaborator, if your package has no dependencies, you can use the CLI to permanently remove it from the npm registry. You can unpublish within 72 hours of the initial release; beyond 72 hours, you can still unpublish if your package meets certain criteria.
These standards are set to avoid breaking the JavaScript package ecosystem. If you cannot unpublish your package, you can deprecate it.
Note: Removing all collaborators or teams from a package will not unpublish the package
5.1 Unpublish package
You can completely unpublish if you want to completely remove all versions of a package from the registry. This will remove it from the registry and it will fail to install.
To unpublish a package, the requirements of the package unpublish rules must be met.
use the site
1. Log in to the npm account.
2. Click the avatar in the upper right corner, select package from the drop-down list, and select the corresponding package. The corresponding address is: jiang-isarray - npm (npmjs.com) https://www.npmjs.com/package/jiang-isarray
3. Click the "settings" tab page and drop down to the bottom.
4. Click the "delete package" button
5. If you are sure to continue, enter the package name, and click Remove Package.
using the command line
To unpublish an entire package, run the following command, substituting <package-name>
the name of the package:
npm unpublish <package-name> -f
5.2 Unpublish a single version of a package
If you want to delete a single version of a package, you can unpublish one version without affecting the other versions. This will just remove that version from the registry and make it impossible to install that version. This option is only available through the npm CLI.
using the command line
To unpublish a single version of a package, run the following command, <package-name>
substituting your package name <version>
with your version number:
npm unpublish <package-name>@<version>
5.3 When to Unpublish
Unpublishing a package permanently removes the package from the registry, so other users can no longer install the package. Once a package is unpublished, republishing with the same name will be blocked for 24 hours. If you unpublish a package by mistake, we recommend republishing with a different name, or for unpublished versions, changing the version number and republishing.