- npm introduced organizations, which are a completely better solution to this problem. I moved Mapbox to using an organization and scoped packages to manage access to publishing open source code.
This is a templated version of an in-house tool at Mapbox called
mapbox-owners. Mapbox is a lot of people and maintains numerous open source projects, such that frequently people need to ask for npm ownership of new projects. I wrote
mapbox-owners to automate this conversation: in one command, anyone can give ownership of a module to everyone.
Working on Turf - a GIS system composed of 54 modules and counting - made me consider both dimensions of the problem, both modules and people. It’s likely that Turf’s modules will evolve all-at-once occasionally due to generated code. The Turf team will also grow - there are 8 maintainers and counting. Hence
ownership-all: a command that iterates through a list of modules and a list of users, adding each user to each module. In turf’s case, it automated 432 calls to the
npm owner add command.
When new people join, add them to the list of users in your
owners module and publish a new version to have them added by default. So far
ownership hasn’t dealt with the problem of removing owners, but that’d be a great contribution to the open source project.
ownership is designed to be forked, not used directly. Fork, rename, and manage as you’d like, so that you can
npm install mycorp-owners and run
mycorp-owners to use it with your team.