创建和发布私有包

要与一组有限的用户或团队共享你的代码，你可以将私有用户范围或组织范围的包发布到 npm 注册表。

¥To share your code with a limited set of users or teams, you can publish private user-scoped or organization-scoped packages to the npm registry.

有关范围和私有包的更多信息，请参阅“关于范围”和“关于私有包”。

¥For more information on scopes and private packages, see "About scopes" and "About private packages".

创建私有包

¥Creating a private package

1. 如果你使用 npmrc 去 管理多个注册表上的账户，请在命令行上切换到相应的配置文件：

   ¥If you are using npmrc to manage accounts on multiple registries, on the command line, switch to the appropriate profile:

   npmrc <profile-name>

2. 在命令行上，为你的包创建一个目录：

   ¥On the command line, create a directory for your package:

   mkdir my-test-package

3. 导航到包的根目录：

   ¥Navigate to the root directory of your package:

   cd my-test-package

4. 如果你使用 git 管理你的包代码，请在包根目录中运行以下命令，将 git-remote-url 替换为你的包的 git 远程 URL：

   ¥If you are using git to manage your package code, in the package root directory, run the following commands, replacing git-remote-url with the git remote URL for your package:

   git init
   git remote add origin git://git-remote-url

5. 在包根目录中，运行 npm init 命令并将范围传递给 scope 标志：

   ¥In the package root directory, run the npm init command and pass the scope to the scope flag:

   • 对于组织范围的包，将 my-org 替换为你的组织名称：

     ¥For an organization-scoped package, replace my-org with the name of your organization:

     npm init --scope=@my-org

   • 对于用户范围的包，将 my-username 替换为你的用户名：

     ¥For a user-scoped package, replace my-username with your username:

     npm init --scope=@my-username

6. 根据提示生成 package.json 文件。如需命名包的帮助，请参阅“包名指南”。

   ¥Respond to the prompts to generate a package.json file. For help naming your package, see "Package name guidelines".

7. 创建一个 README 文件，说明你的包代码是什么以及如何使用它。

   ¥Create a README file that explains what your package code is and how to use it.

8. 在你首选的文本编辑器中，为你的包编写代码。

   ¥In your preferred text editor, write the code for your package.

查看包内容是否有敏感或不必要的信息

¥Reviewing package contents for sensitive or unnecessary information

将敏感信息发布到注册表可能会损害你的用户，损害你的开发基础架构，修复成本高昂，并使你面临法律诉讼的风险。我们强烈建议你在将包发布到注册表之前删除敏感信息，例如私钥、密码、个人身份信息 (PII) 和信用卡数据。即使你的包是私有的，如果包被公开或下载到可以被更多用户访问的计算机上，敏感信息也可能被泄露。

¥Publishing sensitive information to the registry can harm your users, compromise your development infrastructure, be expensive to fix, and put you at risk of legal action. We strongly recommend removing sensitive information, such as private keys, passwords, personally identifiable information (PII), and credit card data before publishing your package to the registry. Even if your package is private, sensitive information can be exposed if the package is made public or downloaded to a computer that can be accessed by more users than intended.

对于不太敏感的信息，例如测试数据，使用 .npmignore 或 .gitignore 文件来防止发布到注册表。有关详细信息，请参阅 此文章。

¥For less sensitive information, such as testing data, use a .npmignore or .gitignore file to prevent publishing to the registry. For more information, see this article.

测试你的包

¥Testing your package

为了减少发布错误的机会，我们建议在将包发布到 npm 注册表之前对其进行测试。要测试你的包，请使用包目录的完整路径运行 npm install：

¥To reduce the chances of publishing bugs, we recommend testing your package before publishing it to the npm registry. To test your package, run npm install with the full path to your package directory:

发布私有包

¥Publishing private packages

默认情况下，范围包以私有可见性发布。

¥By default, scoped packages are published with private visibility.

1. 在命令行上，导航到包的根目录。

   ¥On the command line, navigate to the root directory of your package.

   cd /path/to/package

2. 要将你的私有包发布到 npm 注册表，请运行：

   ¥To publish your private package to the npm registry, run:

   npm publish

3. 要查看你的私有包页面，请访问 https://npmjs.com/package/*package-name*，将 package-name 替换为你的包名称。私有包会在 npm 网站上的包名下方显示 private。

   ¥To see your private package page, visit https://npmjs.com/package/*package-name*, replacing package-name with the name of your package. Private packages will say private below the package name on the npm website.

   

有关 publish 命令的更多信息，请参阅 CLI 文档。

¥For more information on the publish command, see the CLI documentation.