verdaccio/docs/protect-your-dependencies.md

---
id: protect-your-dependencies
date: '2017-07-10T23:36:56.503Z'
title: "Protecting packages"
---

`verdaccio` allows you protect publish, to achieve that you will need to set up correctly your [packages acces](packages).

### Package configuration

Let's see for instance the following set up. You have a set of dependencies what are prefixed with `my-company-*` and you need to protect them from anonymous or another logged user without right credentials.

```yaml
  'my-company-*':
    access: admin teamA teamB teamC
    publish: admin teamA
    proxy: npmjs
```

With this configuration, basically we allow to groups **admin** and **teamA** to * publish* and **teamA**   **teamB** **teamC** *access* to such dependencies.

### Use case: teamD try to access the dependency

So, if I am logged as **teamD**. I shouldn't be able to access all dependencies that match with `my-company-*` pattern.

```bash
➜ npm whoami
teamD
```
I won't have access to such dependencies and also won't be visible via web for user **teamD**. If I try to access the following will happen.

```bash
➜ npm install my-company-core
npm ERR! code E403
npm ERR! 403 Forbidden: webpack-1@latest
```
or with `yarn`

```bash
➜ yarn add my-company-core
yarn add v0.24.6
info No lockfile found.
[1/4] 🔍  Resolving packages...
error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".
```
chore: first version of website using docusaurus 2017-12-16 13:25:59 +01:00			`---`
			`id: protect-your-dependencies`
			`date: '2017-07-10T23:36:56.503Z'`
			`title: "Protecting packages"`
			`---`
doc: add recipe to protect your packages 2017-07-24 07:25:50 +02:00
			`verdaccio` allows you protect publish, to achieve that you will need to set up correctly your [packages acces](packages).

			`### Package configuration`

			Let's see for instance the following set up. You have a set of dependencies what are prefixed with `my-company-*` and you need to protect them from anonymous or another logged user without right credentials.

			```yaml
			`'my-company-*':`
chore: first version of website using docusaurus 2017-12-16 13:25:59 +01:00			`access: admin teamA teamB teamC`
doc: add recipe to protect your packages 2017-07-24 07:25:50 +02:00			`publish: admin teamA`
			`proxy: npmjs`
chore: first version of website using docusaurus 2017-12-16 13:25:59 +01:00			```
doc: add recipe to protect your packages 2017-07-24 07:25:50 +02:00
			`With this configuration, basically we allow to groups admin and teamA to * publish* and teamA teamB teamC access to such dependencies.`

			`### Use case: teamD try to access the dependency`

chore: first version of website using docusaurus 2017-12-16 13:25:59 +01:00			So, if I am logged as teamD. I shouldn't be able to access all dependencies that match with `my-company-*` pattern.
doc: add recipe to protect your packages 2017-07-24 07:25:50 +02:00
			```bash
chore: first version of website using docusaurus 2017-12-16 13:25:59 +01:00			`➜ npm whoami`
doc: add recipe to protect your packages 2017-07-24 07:25:50 +02:00			`teamD`
			```
			`I won't have access to such dependencies and also won't be visible via web for user teamD. If I try to access the following will happen.`

			```bash
			`➜ npm install my-company-core`
			`npm ERR! code E403`
			`npm ERR! 403 Forbidden: webpack-1@latest`
			```
			or with `yarn`

			```bash
			`➜ yarn add my-company-core`
			`yarn add v0.24.6`
			`info No lockfile found.`
			`[1/4] 🔍 Resolving packages...`
			`error An unexpected error occurred: "http://localhost:5555/webpack-1: unregistered users are not allowed to access package my-company-core".`
			```