In your package.json file, you can specify a flag to prohibit uploading to NPM.
{
  "private": true
}
The default value for private is false. When set to true, it will prevent the package from being published to the NPM registry.
The challenge with the default is that it is not explicitly set, and it is easy to forget to set it. By setting it to true, you are explicitly stating that the package should not be published to the NPM registry.
The flag can be used with the license specification in the package.json file, for private packages.
{
  "private": true,
  "license": "UNLICENSED"
}
I believe generated packages have the license: ISC. This is a permissive license, but it is not suitable for all projects. By setting the license to UNLICENSED, you are explicitly stating that the package is not licensed for use by others.