@standard npm organization

[feross]

Currently, our npm package permissions across all the various packages is inconsistent. What do folks think of making an npm organization? Not so that we can namespace modules, but just for managing permissions, i.e. every package in the standard ecosystem would be publishable by everyone in the @standard npm org?

I know that @bcomnes has the npm org standardjs that we could use. Does anyone know who has standard, which I think would be even nicer?

[brodybits]

My understanding of https://www.npmjs.com/policies/disputes is that they don’t like squatting on org names. I think it should be reasonable to contact support@npmjs.com since I see 0 packages published in the standard org. The one possible exception I can see is if it is a paid org.

Good luck!

[feross]

@brodybits Thanks for the tip. I just sent npm support an email.

[Flet]

I'm on board for this!

[nexdrew]

Unfortunately, I don't think that's the way npm package access works. AFAIK you can't manage permissions for an unscoped package using an org/team.

Read about this here: https://docs.npmjs.com/package-scope-access-level-and-visibility

Here's an important note on that page:

I also tried myself to grant an org read-write access to one of my unscoped packages via the npm access grant read-write org:team package command, and it fails with this message:

Usage: This command is only available for scoped packages.

So, unfortunately, the only way you could use an org on npm to manage access to standard packages is if you change the name of the packages to use the org's scope, e.g. @standard/standard.

[bcomnes]

Standardjs is available whenever you want. But agreed, standard/standard would be better.

While it is entirely an awkward experience, you can move unscoped packages over to orgs, I've done this many times.

[vweevers]

How about automating the ownership management? Write a tool that, given a list of npm usernames and packages, does npm owner add <user> <pkg>.