Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Block republishing package in npm registry



  • Tried reading the documentation and searching the forum and unfortunately couldn't seem to find an answer to this: Is there a setting anywhere so that I can block the publishing of a package to an npm registry if there is already an existing package with the same version number in the registry? Occasionally developers will bump up the version number in the package.json at the root folder rather than the one in the lib folder and will end up publishing over top of an existing package before realizing the mistake. I'd like to make it so that's not physically possible.


  • inedo-engineer

    Basically, this involves denying or removing the "Overwrite Package" permission.

    Under the Security and Access Controls Documentation, we have a fairly detailed guide on Creating and Customizing Tasks which might help go into more detail!

    We definitely want to make this as easy as possible, without having to read through lots of documentation, so if you have recommendations on how/where to improve, please share it to us.

    Oh and we also gladly accept docs pull requests ;)



  • Thanks for the reply, this is exactly what I was looking for! I guess the piece I was missing was that there were additional permission options that aren't exposed by default, but that I could bring in by adding a new task. The links you provided helped me fill in those gaps, so thanks again for that!


Log in to reply
 

Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation