Use @localrepo/* for your monorepo package names

Usage no npm install needed!

<script type="module">
  import localrepoPledge from 'https://cdn.skypack.dev/@localrepo/pledge';



My name is Benjie Gillam; you can find me on Twitter, GitHub and npm as @benjie. I hereby pledge that I shall not publish any packages other than this package to the @localrepo scope on the npm registry.


The aim of this pledge it to make using @localrepo/* as the name of packages in your own monorepos a relatively safe thing to do (no risk of hijacking).

To npm employees:

I hereby grant you permission to remove any package within the @localrepo scope (i.e. packages named @localrepo/*) except for this @localrepo/pledge package without warning or confirmation.

How can I trust this?

How might this change in future?

I'm hoping that npm will make something like this official. If they want to do so using this namespace I'd certainly be happy to discuss it with them; that may result in this package disappearing and myself ceding control of the @localrepo scope to npm.


To help people find this npm scope, here's some search terms they might use (also search terms I used to try and find an already existing scope like this):

  • safe npm scope for monorepo
  • npm organization for local package names
  • reserved npm namespace for monorepos
  • scope to avoid npm dependency hijacking
  • monorepo package naming