Publishing NPM Packages
We need to be able to share code in different applications and version the shared code. Distributing these them as NPM packages is the approach we have agreed on.
We have some shared libraries that contain TELUS intellectual property or aren't ready to be shared publicly.
In order to facilitate shared access to private NPM packages that we share
internally we use shared accounts and access tokens. Developers can find the
.npmrc token in Vault or using Shippy:
vault read secret/common/npmrc-dev shippy get secret npmrc-dev --common --field=npmrc
This lets us share access using a single shared secret (the token) rather than each developer having to maintain their own NPM account and teams to manage permissions of numerous accounts.
Please be warned that this token is shared. Many users will be authenticating
with this single token. DO NOT run the
npm logout command, it will
deactivate the token for everyone. This can only be fixed by generating a new
token and having all users and teams update their development environments and
A package is just a directory with one or more files in it, that also has a file called "package.json" with some metadata about this package. A typical application, such as a website, will depend on dozens or hundreds of packages. These packages are often small. The general idea is that you create a small building block which solves one problem and solves it well. This makes it possible for you to compose larger, custom solutions out of these small, shared building blocks.
We currently have three shared accounts for specific purposes:
- telusdigital-dev for maintaining shared, read-only developer token.
- telusdigital-admin for owning the organization and publishing packages.
- telusmobility for publishing some mobility modules.
- Create the directory with
yarn installto install packages and create a
yarn.lockfile, which you should commit to Git.
- If you are transpiling code, transpile into a
- Add .gitignore to ignore the
- Add empty
.npmignoreso that lib can be part of the package distribution.
- Commit and push to GitHub.
- Publish the package with following commands:
npm version (major | minor | patch)
git push && git push --tags
- If your package needs to be private and internal to TELUS Digital, reach out to one of the Architects for assistance in getting the package published in the
@telusdigitalorganization and with read-only permissions assigned to the
Recommended file structure
myPackage/ |-- src/ |-- lib/ |-- .eslintrc |-- .gitignore |-- .npmignore |-- .babelrc |-- package.json |-- README.md |-- yarn.lock
Architects have ownership of the credentials for publishing private modules and managing the shared NPM account.