npm access public [<package>] npm access restricted [<package>] npm access grant <read-only|read-write> <scope:team> [<package>] npm access revoke <scope:team> [<package>] npm access 2fa-required [<package>] npm access 2fa-not-required [<package>] npm access ls-packages [<user>|<scope>|<scope:team>] npm access ls-collaborators [<package> [<user>]] npm access edit [<package>]
Used to set access controls on private packages.
For all of the subcommands,
npm access will perform actions on the packages
in the current working directory if no package name is passed to the
<user>is passed in, the list is filtered only to teams that user happens to belong to.
npm access always operates directly on the current registry, configurable
from the command line using
Unscoped packages are always public.
Scoped packages default to restricted, but you can either publish them as
npm publish --access=public, or set their access as public using
npm access public after the initial publish.
You must have privileges to set the access of a package:
If you have two-factor authentication enabled then you'll have to pass in an
--otp when making access changes.
If your account is not paid, then attempts to publish scoped packages will fail
with an HTTP 402 status code (logically enough), unless you use
Management of teams and team memberships is done with the
npm team command.