我可以使用package.json但是避免将我的项目发布到npm服务器吗？

Basically the thing is I'm working on a project that uses grunt for build tasks and as I have a few dependencies here and there I thought it was a good idea to declare those on a package.json so that my co-workers can npm install without being required to manually install every package at the correct version.

基本上我正在研究一个使用grunt进行构建任务的项目，因为我在这里和那里有一些依赖项，我认为在package.json上声明这些是一个好主意，这样我的同事就可以了安装时无需手动安装正确版本的每个软件包。

Now the thing is, what if someone "accidentally" runs npm publish? Is there a way to have the package.json while keeping my stuff private?

现在问题是，如果有人“意外”运行npm发布会怎么样？有没有办法让package.json同时保持我的东西私密？

2 个解决方案

#1

Yes, set private to true.

是的，将private设置为true。

If you set "private": true in your package.json, then npm will refuse to publish it.

如果你在package.json中设置“private”：true，那么npm将拒绝发布它。

This is a way to prevent accidental publication of private repositories. If you would like to ensure that a given package is only ever published to a specific registry (for example, an internal registry), then use the publishConfig hash described below to override the registry config param at publish-time.

这是一种防止意外发布私有存储库的方法。如果您希望确保给定的包只发布到特定的注册表（例如，内部注册表），则使用下面描述的publishConfig哈希在发布时覆盖注册表配置参数。

#2

You can set "private" : true in your package.json file

您可以在package.json文件中设置“private”：true

Your CoWorkers will get an error if they try to publish it

如果您的CoWorkers尝试发布它，则会收到错误消息

#1