feat: default access to public

BREAKING CHANGE: The default value of `access` is now `public`
npm · Sep 29, 2022 · 525654e · 525654e
1 parent bc21552
commit 525654e
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 6 deletions.
diff --git a/workspaces/libnpmpublish/README.md b/workspaces/libnpmpublish/README.md
@@ -44,8 +44,8 @@ A couple of options of note:
   defaults to `latest`.
 
 * `opts.access` - tells the registry whether this package should be
-  published as public or restricted. Only applies to scoped packages, which
-  default to restricted.
+  published as `public` or `restricted`. Only applies to scoped
+  packages.  Defaults to `public`.
 
 * `opts.token` - can be passed in and will be used as the authentication
   token for the registry. For other ways to pass in auth details, see the

diff --git a/workspaces/libnpmpublish/lib/publish.js b/workspaces/libnpmpublish/lib/publish.js
@@ -17,10 +17,9 @@ Remove the 'private' field from the package.json to publish it.`),
   // spec is used to pick the appropriate registry/auth combo
   const spec = npa.resolve(manifest.name, manifest.version)
   opts = {
-    defaultTag: 'latest',
-    // if scoped, restricted by default
-    access: spec.scope ? 'restricted' : 'public',
+    access: 'public',
     algorithms: ['sha512'],
+    defaultTag: 'latest',
     ...opts,
     spec,
   }

diff --git a/workspaces/libnpmpublish/test/publish.js b/workspaces/libnpmpublish/test/publish.js
@@ -79,7 +79,66 @@ t.test('basic publish', async t => {
   t.ok(ret, 'publish succeeded')
 })
 
-t.test('scoped publish', async t => {
+t.test('scoped publish - default access', async t => {
+  const manifest = {
+    name: '@claudiahdz/libnpmpublish',
+    version: '1.0.0',
+    description: 'some stuff',
+  }
+
+  const tarData = await pack(`file:${testDir}`, { ...OPTS })
+  const shasum = crypto.createHash('sha1').update(tarData).digest('hex')
+  const integrity = ssri.fromData(tarData, { algorithms: ['sha512'] })
+  const packument = {
+    _id: '@claudiahdz/libnpmpublish',
+    name: '@claudiahdz/libnpmpublish',
+    description: 'some stuff',
+    'dist-tags': {
+      latest: '1.0.0',
+    },
+    versions: {
+      '1.0.0': {
+        _id: '@claudiahdz/[email protected]',
+        _nodeVersion: process.versions.node,
+        _npmVersion: '6.13.7',
+        name: '@claudiahdz/libnpmpublish',
+        version: '1.0.0',
+        description: 'some stuff',
+        dist: {
+          shasum,
+          integrity: integrity.toString(),
+          tarball: 'http://mock.reg/@claudiahdz/libnpmpublish/'
+            + '-/@claudiahdz/libnpmpublish-1.0.0.tgz',
+        },
+      },
+    },
+    access: 'public',
+    _attachments: {
+      '@claudiahdz/libnpmpublish-1.0.0.tgz': {
+        content_type: 'application/octet-stream',
+        data: tarData.toString('base64'),
+        length: tarData.length,
+      },
+    },
+  }
+
+  const srv = tnock(t, REG)
+  srv.put('/@claudiahdz%2flibnpmpublish', body => {
+    t.same(body, packument, 'posted packument matches expectations')
+    return true
+  }, {
+    authorization: 'Bearer deadbeef',
+  }).reply(201, {})
+
+  const ret = await publish(manifest, tarData, {
+    ...OPTS,
+    npmVersion: '6.13.7',
+    token: 'deadbeef',
+  })
+  t.ok(ret, 'publish succeeded')
+})
+
+t.test('scoped publish - restricted access', async t => {
   const manifest = {
     name: '@claudiahdz/libnpmpublish',
     version: '1.0.0',
@@ -132,6 +191,7 @@ t.test('scoped publish', async t => {
 
   const ret = await publish(manifest, tarData, {
     ...OPTS,
+    access: 'restricted',
     npmVersion: '6.13.7',
     token: 'deadbeef',
   })