Staged Publishing for NPM Packages
Staged publishing for npm packages introduces an approval step before packages are made public. Maintainers must review and approve staged packages using two-factor authentication. This process is designed to enhance security and ensure quality control before package versions are released on the npm registry.
- ▪Staged publishing requires npm CLI version 11.15.0 or later and Node version 22.14.0 or higher.
- ▪Packages must already exist on the npm registry to be staged, and 2FA must be enabled on the npm account.
- ▪Maintainers can review staged packages using the CLI or npmjs.com before approving them for public release.
Opening excerpt (first ~120 words) tap to expand
Packages and modulesSecuring your codeStaged publishingStaged publishing for npm packagesTable of contentsHow staged publishing worksPrerequisitesStage a packageReview a staged packageUsing the CLIUsing npmjs.comApprove a staged packageUsing the CLIUsing npmjs.comUsing staged publishing with trusted publishersLearn moreStaged publishing adds an approval step before packages go live on the npm registry. Instead of publishing directly with npm publish, you can submit packages to a staging area with npm stage publish. A maintainer must then review and explicitly approve the staged package — with two-factor authentication (2FA) via the CLI or npmjs.com — before it becomes publicly available.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Npmjs.