当 运行 直接阻止 `npm publish`
Prevent `npm publish` when ran directly
我不确定天气是否可能。
是否可以在 npm publish 运行 直接阻止发布并使其只能通过脚本访问。
直接执行npm publish时必须拒绝用户。即用户必须能够通过任何脚本或 npm run <script>
发布
或
有没有办法告诉 npm 只发布 <folder>/ 或在发布时查找 tarball。
将包标记为 private:
If you set "private": true in your package.json, then npm will refuse
to publish it.
This is a way to prevent accidental publication of private
repositories. If you would like to ensure that a given package is only
ever published to a specific registry (for example, an internal
registry), then use the publishConfig dictionary described below to
override the registry config param at publish-time.
{
"name": "some",
"version": "1.0.0",
"private": true
}
如果您试图在发布之前强制发生某些事情,请利用 prepublish 或 prepublishOnly npm-script.
是的,我们可以通过在 package.json
中设置 private: true 来限制 npm 以防止意外发布
你也可以有发布脚本
在你的 package.json
{
"scripts": {
"publish:mypackages": "npm publish folder1/file1.tgz --registry http://custom-registry..."
}
}
现在在 cmd 中:npm 运行 publish:mypackages
它将给定的 tarball 发布到您指定的注册表。
如果我将其标记为私有,我将根本无法发布。我的主要目的是防止意外发布。
NPM 团队提供了一个非常简单的解决方法。
package.json
{
"prepublishOnly": "node prepublish.js",
"release": "RELEASE_MODE=true npm publish"
}
prepublish.js
const RELEASE_MODE = !!(process.env.RELEASE_MODE)
if (!RELEASE_MODE) {
console.log('Run `npm run release` to publish the package')
process.exit(1) //which terminates the publish process
}
我不确定天气是否可能。
是否可以在 npm publish 运行 直接阻止发布并使其只能通过脚本访问。
直接执行npm publish时必须拒绝用户。即用户必须能够通过任何脚本或 npm run <script>
或
有没有办法告诉 npm 只发布 <folder>/ 或在发布时查找 tarball。
将包标记为 private:
If you set "private": true in your package.json, then npm will refuse to publish it.
This is a way to prevent accidental publication of private repositories. If you would like to ensure that a given package is only ever published to a specific registry (for example, an internal registry), then use the publishConfig dictionary described below to override the registry config param at publish-time.
{
"name": "some",
"version": "1.0.0",
"private": true
}
如果您试图在发布之前强制发生某些事情,请利用 prepublish 或 prepublishOnly npm-script.
是的,我们可以通过在 package.json
中设置 private: true 来限制 npm 以防止意外发布你也可以有发布脚本 在你的 package.json
{
"scripts": {
"publish:mypackages": "npm publish folder1/file1.tgz --registry http://custom-registry..."
}
}
现在在 cmd 中:npm 运行 publish:mypackages
它将给定的 tarball 发布到您指定的注册表。
如果我将其标记为私有,我将根本无法发布。我的主要目的是防止意外发布。
NPM 团队提供了一个非常简单的解决方法。
package.json
{
"prepublishOnly": "node prepublish.js",
"release": "RELEASE_MODE=true npm publish"
}
prepublish.js
const RELEASE_MODE = !!(process.env.RELEASE_MODE)
if (!RELEASE_MODE) {
console.log('Run `npm run release` to publish the package')
process.exit(1) //which terminates the publish process
}