July 10, 2014 | Written by: Patrick Mueller
Categorized: Community | How-tos
Share this post:
While npmjs.org is a great place to host node packages, ANYONE can access them. What happens if you have multiple application which all use a package you wrote, but you’d like to not have to publish that package publicly? Maybe it contains secrets, or maybe you just don’t think there’s any value in publishing it publicly.
Those sorts of packages are referred to as “private packages”.
Private packages like this aren’t really a first-class notion in the node world – yet. But there are various strategies you can use to provide this capability until they are.
I built a sample application that can be hosted on Bluemix that makes it easy to deal with private packages, via an
npm postinstall script. The sample app, description of how it works, and instructions how you can use it are available at this GitHub repo:
The documentation also discusses other strategies for dealing with private packages, in general.