Fetching contributors…
Cannot retrieve contributors at this time
87 lines (67 sloc) 3.14 KB

Publishing NPM Packages


We need to be able to share code in different applications and version the shared code. Distributing these them as NPM packages is the approach we have agreed on.

Private Packages

We have some shared libraries that contain TELUS intellectual property or aren't ready to be shared publicly.

Shared Accounts

In order to facilitate shared access to private NPM packages that we share internally we use shared accounts and access tokens. Developers can find the shared .npmrc token in Vault or using Shippy:

vault read secret/common/npmrc-dev
shippy get secret npmrc-dev --common --field=npmrc

This lets us share access using a single shared secret (the token) rather than each developer having to maintain their own NPM account and teams to manage permissions of numerous accounts.

Please be warned that this token is shared. Many users will be authenticating with this single token. DO NOT run the npm logout command, it will deactivate the token for everyone. This can only be fixed by generating a new token and having all users and teams update their development environments and pipelines.


A package is just a directory with one or more files in it, that also has a file called "package.json" with some metadata about this package. A typical application, such as a website, will depend on dozens or hundreds of packages. These packages are often small. The general idea is that you create a small building block which solves one problem and solves it well. This makes it possible for you to compose larger, custom solutions out of these small, shared building blocks.


We currently have three shared accounts for specific purposes:


  1. Create the directory with package.json and run yarn install to install packages and create a yarn.lock file, which you should commit to Git.
  2. If you are transpiling code, transpile into a lib/ folder.
  3. Add .gitignore to ignore the lib/ folder.
  4. Add empty .npmignore so that lib can be part of the package distribution.
  5. Commit and push to GitHub.
  6. Publish the package with following commands:
  • npm version (major | minor | patch)
  • git push && git push --tags
  • npm publish
  1. If your package needs to be private and internal to TELUS Digital, reach out to one of the Architects for assistance in getting the package published in the @telusdigital organization and with read-only permissions assigned to the telusdigital-dev account token.

Recommended file structure

|-- src/
|-- lib/
|-- .eslintrc
|-- .gitignore
|-- .npmignore
|-- .babelrc
|-- package.json
|-- yarn.lock


Architects have ownership of the credentials for publishing private modules and managing the shared NPM account.