Scroll to navigation

NPM-ACCESS(1) General Commands Manual NPM-ACCESS(1)

NAME

npm-access

Synopsis

<!-- AUTOGENERATED USAGE DESCRIPTIONS -->

Description

Used to set access controls on private packages.

For all of the subcommands, npm access will perform actions on the packages in the current working directory if no package name is passed to the subcommand.

grant / revoke:
Add or remove the ability of users and teams to have read-only or read-write access to a package.

Details

npm access always operates directly on the current registry, configurable from the command line using --registry=<registry url>.

Unscoped packages are always public.

Scoped packages default to restricted, but you can either publish them as public using npm publish --access=public, or set their access as public using npm access set status=public after the initial publish.

You must have privileges to set the access of a package:

  • You are an owner of an unscoped or scoped package.
  • You are a member of the team that owns a scope.
  • You have been given read-write privileges for a package, either as a member of a team or directly as an owner.

If you have two-factor authentication enabled then you'll be prompted to provide a second factor, or may use the --otp=... option to specify it on the command line.

If your account is not paid, then attempts to publish scoped packages will fail with an HTTP 402 status code (logically enough), unless you use
--access=public.

Management of teams and team memberships is done with the npm team command.

Configuration

<!-- AUTOGENERATED CONFIG DESCRIPTIONS -->

See Also

  • libnpmaccess
  • npm team
  • npm publish
  • npm config
  • npm registry

March 2026 11.12.1