My name is Benjie Gillam; you can find me on Twitter, GitHub and npm as
@benjie. I hereby pledge that I shall not publish any packages other than this
package to the @localrepo scope on the npm registry.
The aim of this pledge is to make using @localrepo/* as the name of packages
in your own monorepos a relatively safe thing to do (no risk of hijacking).
To npm employees:
I hereby grant you permission to remove any package within the scope (i.e.
packages named @localrepo/*) except for this package without warning or
confirmation.
How can I trust this?
- Visit https://www.npmjs.com/org/localrepo and assert there's only one package
- Visit https://github.com/benjie/localrepo-pledge and see this content
- Visit https://github.com/sponsors/benjie for some social proof
How might this change in future?
I'm hoping that npm will make something like this official. If they want to do
so using this namespace I'd certainly be happy to discuss it with them; that
may result in this package disappearing and myself ceding control of the
@localrepo scope to npm.
To help people find this npm scope, here are some search terms they might use (also search terms I used to try and find an already existing scope like this):
- safe npm scope for monorepo
- npm organization for local package names
- reserved npm namespace for monorepos
- scope to avoid npm dependency hijacking
- monorepo package naming
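
A consumer-side check that complements the pledge, added here as an example and not part of the pledge or of this package's code: it walks the `packages` map of a `package-lock.json` (lockfile v2/v3 layout) and reports every @localrepo/* name that was installed as anything other than a workspace link. The sample lockfile, the function names and the `allowed` parameter (for exempting the one published package in the scope, whose name you supply) are assumptions made for the illustration.

```javascript
// Added example (not from the pledge): audit a package-lock.json "packages" map
// for local-only scope names that were NOT installed as workspace links.
const LOCAL_SCOPE = "@localrepo/";

// Constructed sample lockfile (v2/v3 layout); names and versions are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-monorepo", workspaces: ["packages/*"] },
    "packages/utils": { name: "@localrepo/utils", version: "0.0.0" },
    "node_modules/@localrepo/utils": { resolved: "packages/utils", link: true },
    "node_modules/@localrepo/config": {
      version: "9.9.9",
      resolved: "https://registry.npmjs.org/@localrepo/config/-/config-9.9.9.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/example-dep": { version: "1.0.0" },
    "node_modules/tool/node_modules/@localrepo/cache": { version: "1.0.0" },
  },
};

// Return the package name a lockfile key installs, or null for workspace
// source directories such as "packages/utils" (no node_modules segment).
function installedName(lockKey) {
  const marker = "node_modules/";
  const i = lockKey.lastIndexOf(marker);
  return i === -1 ? null : lockKey.slice(i + marker.length);
}

// List every entry in `scope` that is not a symlink to a local workspace.
// `allowed` holds exact names that may legitimately come from the registry.
function auditLocalScope(lock, scope = LOCAL_SCOPE, allowed = []) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = installedName(key);
    if (!name || !name.startsWith(scope) || allowed.includes(name)) continue;
    if (entry.link === true) continue; // workspace link: resolved locally
    findings.push({ name, path: key, resolved: entry.resolved || "(not recorded)" });
  }
  return findings;
}
```

To audit a real project, pass the parsed contents of its `package-lock.json` as the first argument and fail the CI job when the returned list is non-empty.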