Tom MacWright


Update: This post was published in 2015. As of 2017,
  • npm introduced organizations, which are a completely better solution to this problem. I moved Mapbox to using an organization and scoped packages to manage access to publishing open source code.

ownership is a powertool for distributing permission to publish npm packages.

This is a templated version of an in-house tool at Mapbox called mapbox-owners. Mapbox is a lot of people and maintains numerous open source projects, such that frequently people need to ask for npm ownership of new projects. I wrote mapbox-owners to automate this conversation: in one command, anyone can give ownership of a module to everyone.

~/src/turf-jsdoc〉turf-owners turf-jsdoc
adding 7 owners to turf-jsdoc
✓ tmcw ✓ cwmma ✓ cspanring ✓ jseppi
✓ jvrousseau ✓ mourner ✓ morganherlocker

Working on Turf - a GIS system composed of 54 modules and counting - made me consider both dimensions of the problem, both modules and people. It’s likely that Turf’s modules will evolve all-at-once occasionally due to generated code. The Turf team will also grow - there are 8 maintainers and counting. Hence ownership-all: a command that iterates through a list of modules and a list of users, adding each user to each module. In turf’s case, it automated 432 calls to the npm owner add command.

When new people join, add them to the list of users in your owners module and publish a new version to have them added by default. So far ownership hasn’t dealt with the problem of removing owners, but that’d be a great contribution to the open source project.

ownership is designed to be forked, not used directly. Fork, rename, and manage as you’d like, so that you can npm install mycorp-owners and run mycorp-owners to use it with your team.