We have a number of modules under the Node.js Foundation including:
We need to make sure that we have continuity in terms of being able to publish and update these modules.
We have decided to manage these modules as follows:
- Create a user called
nodejs-foundationwho we always add as one of the collaborators with admin rights and for which the password is maintained by the Build Working Group. - We would then add individuals as collaborators who can also publish.
Generally, a module push will be done by the additional collaborators.
The
nodejs-foundationuser is intended to be used as a backup as opposed to being part of the regular publishing flow. - In the cases where collaborators other than
nodejs-foundationcease to be active, the build workgroup would provide continuity by using thenode-foundationuser to add additional collaborators who would have the ability to push the module. Thenode-foundationuser could also be used to remove collaborators if that was ever necessary. - The purpose of the
nodejs-foundationuser is not to enable Build Workgroup members to publish npm modules, that should be left to the module collaborators.
This approach is consistent with how npm modules have been managed by a number of the companies who are foundation members and reports are that it has worked well.
The credentials required for the nodejs-foundation user are maintained in
encrypted form in the secrets repo.
To publish a new npm package, open an issue in nodejs/admin, pinging TSC. Publishing a new package follows the same rules as creating a new GitHub repository