publish
npm publish
Uploads the current package to the registry so it can be installed by others. Honors the `files` field, `.npmignore`, and .gitignore to decide which files ship.
npm publish [<tarball>|<folder>] [--access=public|restricted] [--tag <tag>] [--dry-run] Common flags
| Flag | Purpose |
|---|---|
| --access public | Publish a scoped package as public (default for scoped is restricted) |
| --tag <name> | Publish under a dist-tag (e.g. next, beta) instead of latest |
| --dry-run | Simulate the publish and show which files would ship |
| --otp <code> | Provide a one-time 2FA code non-interactively |
| --provenance | Attach an SLSA provenance statement (npm 9.5+, on supported CI) |
Examples
npm publish --dry-run Preview the tarball contents before releasing
npm publish --access public Ship a scoped package publicly
npm publish --tag next Release a pre-release under the 'next' dist-tag
Gotcha
Once a version is published you cannot re-publish that exact `name@version` — bump the version first with `npm version`. Scoped packages default to `restricted` (paid); pass `--access public` on the first publish or the registry rejects it.
Related commands
npm version
Bumps the version field in package.json (and package-lock.json), then creates a git commit and tag — all in one step. Runs preversion/version/postversion lifecycle scripts.
npm pack
Creates the tarball (`<name>-<version>.tgz`) exactly as `npm publish` would upload, without actually publishing. Perfect for previewing shipped files or for installing locally to test.
npm unpublish
Removes a specific version — or the whole package — from the registry. Subject to strict rules: only within 72 hours of publish and only if nothing else depends on it.