1--- 2title: npm-access 3section: 1 4description: Set access level on published packages 5--- 6 7### Synopsis 8 9```bash 10npm access list packages [<user>|<scope>|<scope:team> [<package>] 11npm access list collaborators [<package> [<user>]] 12npm access get status [<package>] 13npm access set status=public|private [<package>] 14npm access set mfa=none|publish|automation [<package>] 15npm access grant <read-only|read-write> <scope:team> [<package>] 16npm access revoke <scope:team> [<package>] 17``` 18 19Note: This command is unaware of workspaces. 20 21### Description 22 23Used to set access controls on private packages. 24 25For all of the subcommands, `npm access` will perform actions on the packages 26in the current working directory if no package name is passed to the 27subcommand. 28 29* public / restricted (deprecated): 30 Set a package to be either publicly accessible or restricted. 31 32* grant / revoke (deprecated): 33 Add or remove the ability of users and teams to have read-only or read-write 34 access to a package. 35 36* 2fa-required / 2fa-not-required (deprecated): 37 Configure whether a package requires that anyone publishing it have two-factor 38 authentication enabled on their account. 39 40* ls-packages (deprecated): 41 Show all of the packages a user or a team is able to access, along with the 42 access level, except for read-only public packages (it won't print the whole 43 registry listing) 44 45* ls-collaborators (deprecated): 46 Show all of the access privileges for a package. Will only show permissions 47 for packages to which you have at least read access. If `<user>` is passed in, 48 the list is filtered only to teams _that_ user happens to belong to. 49 50* edit (not implemented) 51 52### Details 53 54`npm access` always operates directly on the current registry, configurable 55from the command line using `--registry=<registry url>`. 56 57Unscoped packages are *always public*. 58 59Scoped packages *default to restricted*, but you can either publish them as 60public using `npm publish --access=public`, or set their access as public using 61`npm access public` after the initial publish. 62 63You must have privileges to set the access of a package: 64 65* You are an owner of an unscoped or scoped package. 66* You are a member of the team that owns a scope. 67* You have been given read-write privileges for a package, either as a member 68 of a team or directly as an owner. 69 70If you have two-factor authentication enabled then you'll be prompted to provide a second factor, or may use the `--otp=...` option to specify it on 71the command line. 72 73If your account is not paid, then attempts to publish scoped packages will 74fail with an HTTP 402 status code (logically enough), unless you use 75`--access=public`. 76 77Management of teams and team memberships is done with the `npm team` command. 78 79### Configuration 80 81#### `json` 82 83* Default: false 84* Type: Boolean 85 86Whether or not to output JSON data, rather than the normal output. 87 88* In `npm pkg set` it enables parsing set values with JSON.parse() before 89 saving them to your `package.json`. 90 91Not supported by all npm commands. 92 93 94 95#### `otp` 96 97* Default: null 98* Type: null or String 99 100This is a one-time password from a two-factor authenticator. It's needed 101when publishing or changing package permissions with `npm access`. 102 103If not set, and a registry response fails with a challenge for a one-time 104password, npm will prompt on the command line for one. 105 106 107 108#### `registry` 109 110* Default: "https://registry.npmjs.org/" 111* Type: URL 112 113The base URL of the npm registry. 114 115 116 117### See Also 118 119* [`libnpmaccess`](https://npm.im/libnpmaccess) 120* [npm team](/commands/npm-team) 121* [npm publish](/commands/npm-publish) 122* [npm config](/commands/npm-config) 123* [npm registry](/using-npm/registry) 124