verdaccio/website/docs/protect-your-dependencies.md

---
id: protect-your-dependencies
title: "Protecting packages"
---

Verdaccio allows you protect publishing to your registry. To achieve that you will need to set up correctly configure your [packages access](packages).

### Package configuration {#package-configuration}

Let's see for instance the following set up. You have a set of dependencies that are prefixed with `my-company-*` and you need to protect them from anonymous or other non-authorized logged-in users.

```yaml
"my-company-*":
  access: admin teamA teamB teamC
  publish: admin teamA
```

With this configuration, we allow the groups **admin** and **teamA** to _publish_ and **teamA**, **teamB** and **teamC** to _access_ the specified dependencies.

### Use case: teamD tries to access the dependency {#use-case-teamd-tries-to-access-the-dependency}

So, if I am logged as **teamD**. I shouldn't be able to access all dependencies that match the `my-company-*` pattern.

```bash
➜ npm whoami
teamD
```

I won't have access to such dependencies and they also won't be visible via the web interface for user **teamD**. If I try to access it, the following will happen:

```bash
➜ npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest
```

or with `yarn`:

```bash
➜ yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4] 🔍  Resolving packages...
error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".
```
chore: relocate website for netlify migration (#2323) 2021-07-11 15:42:56 +02:00			`---`
			`id: protect-your-dependencies`
			`title: "Protecting packages"`
			`---`

			`Verdaccio allows you protect publishing to your registry. To achieve that you will need to set up correctly configure your [packages access](packages).`

feat: migrate Verdaccio.org to Docusaurus v2 and new design (#2343) Co-authored-by: Juan Picado <juanpicado19@gmail.com> 2021-07-27 21:52:49 +02:00			`### Package configuration {#package-configuration}`
chore: relocate website for netlify migration (#2323) 2021-07-11 15:42:56 +02:00
			Let's see for instance the following set up. You have a set of dependencies that are prefixed with `my-company-*` and you need to protect them from anonymous or other non-authorized logged-in users.

			```yaml
			`"my-company-*":`
			`access: admin teamA teamB teamC`
			`publish: admin teamA`
			```

			`With this configuration, we allow the groups admin and teamA to _publish_ and teamA, teamB and teamC to _access_ the specified dependencies.`

feat: migrate Verdaccio.org to Docusaurus v2 and new design (#2343) Co-authored-by: Juan Picado <juanpicado19@gmail.com> 2021-07-27 21:52:49 +02:00			`### Use case: teamD tries to access the dependency {#use-case-teamd-tries-to-access-the-dependency}`
chore: relocate website for netlify migration (#2323) 2021-07-11 15:42:56 +02:00
			So, if I am logged as teamD. I shouldn't be able to access all dependencies that match the `my-company-*` pattern.

			```bash
			`➜ npm whoami`
			`teamD`
			```

			`I won't have access to such dependencies and they also won't be visible via the web interface for user teamD. If I try to access it, the following will happen:`

			```bash
			`➜ npm install my-company-core`
			`npm ERR! code E403`
			`npm ERR! 403 Forbidden: webpack-1@latest`
			```

			or with `yarn`:

			```bash
			`➜ yarn add my-company-core`
			`yarn add v0.24.6`
			`info No lockfile found.`
			`[1/4] 🔍 Resolving packages...`
			`error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".`
			```