The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
Return boolean private status in registry response
I would like that the npm registry includes
"private": true in a successful query response or some other way of indicating the private status of the queried package. When I am logged in with token X, there doesn’t seem to be a way to determine if a scoped package is public or private without attempting to query it a second time without a token.
package.json already has a field called
private which means “not published to any registry” (and disables
npm publish), I would suggest that this be called something else, say
access where a value other than
'public' means that it’s private? That would allow us to initially just set it to
'private' and later possibly include more.
As an implementation note, I don’t believe this will be needed in corgis.
@iarna yes you are very right about not polluting the meaning of
private, even if using that field were possible. I think any field that’s unambiguous and documented would be fine, including
As I mentioned elsewhere, the main - but not exclusive - reason I need this is for caching purposes, i.e. I want to have simple logic to know when I can cache scoped but public packages and not cache private packages. Although setting a “correct” HTTP header indicating cache yes/no would also be useful for clients in general, I feel that there should also be the
access field in the response body too, because it’s important at an application level too, not just client/cache.
Is the best next step for me to write an RFC?