til

Today I Learned: collection of notes, tips and tricks and stuff I learn from day to day working with computers and technology as an open source contributor and product manager


Specify Flag to Prohibit Upload to NPM

In your package.json file, you can specify a flag to prohibit uploading to NPM.

{
  "private": true
}

The default value for private is false. When set to true, it will prevent the package from being published to the NPM registry.

The challenge with the default is that it is not explicitly set, and it is easy to forget to set it. By setting it to true, you are explicitly stating that the package should not be published to the NPM registry.

For private packages, the flag can be combined with the license field in the package.json file.

{
  "private": true,
  "license": "UNLICENSED"
}

I believe generated packages have the license: ISC. This is a permissive license, but it is not suitable for all projects. By setting the license to UNLICENSED, you are explicitly stating that the package is not licensed for use by others.
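Because the setting is easy to forget, a check in CI can flag manifests that lack it. The following is an added example, not part of the original note or of npm itself; the function names, the sample paths and the policy of requiring both fields on every internal package are assumptions of this example.

```javascript
// Added example: audit package.json contents for the two settings above.
// Policy (assumption of this example): every internal package carries
// "private": true as a JSON boolean and "license": "UNLICENSED".
function auditManifest(path, jsonText) {
  let manifest;
  try {
    manifest = JSON.parse(jsonText);
  } catch (err) {
    return [{ path, level: "error", message: "invalid JSON: " + err.message }];
  }
  if (manifest === null || typeof manifest !== "object" || Array.isArray(manifest)) {
    return [{ path, level: "error", message: "manifest is not a JSON object" }];
  }
  const findings = [];
  if (!("private" in manifest)) {
    findings.push({ path, level: "error",
      message: '"private" is not set, so publishing is not blocked' });
  } else if (manifest.private !== true) {
    // Strict on purpose: the policy wants the explicit boolean, not a look-alike.
    findings.push({ path, level: "error",
      message: '"private" must be the boolean true, found ' + JSON.stringify(manifest.private) });
  }
  if (manifest.license !== "UNLICENSED") {
    findings.push({ path, level: "warn",
      message: '"license" is ' + JSON.stringify(manifest.license) + ', expected "UNLICENSED"' });
  }
  return findings;
}

// Audit a map of { path: file contents } and return every finding.
function auditAll(manifests) {
  return Object.entries(manifests).flatMap(([p, text]) => auditManifest(p, text));
}

// Constructed sample inputs (hypothetical monorepo paths).
const SAMPLE_MANIFESTS = {
  "packages/api/package.json": '{"name":"api","private":true,"license":"UNLICENSED"}',
  "packages/ui/package.json": '{"name":"ui","license":"ISC"}',
  "packages/cli/package.json": '{"name":"cli","private":"true","license":"UNLICENSED"}',
  "packages/bad/package.json": '{"name":"bad",',
};

for (const f of auditAll(SAMPLE_MANIFESTS)) {
  console.log(`${f.level.toUpperCase()} ${f.path}: ${f.message}`);
}
```

In a real pipeline, pass the contents of each package.json in the repository to `auditAll` and fail the build when any finding has level `error`.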

Resources and References