
Protected npm packages

Problem to solve

You need a way to protect your npm dependencies that are tied to a given release. You already have protections in place for branches, tags, and environments. You need the same thing for your npm dependencies.

Proposal

As part of the epic &5574, add support for protecting npm packages. By default, a protected package will do these things:

  • It prevents everybody except users with Maintainer permission from creating the package, if it does not already exist.
  • It prevents pushes from everybody except users with Allowed permission.
  • It prevents anyone from force pushing to the package.
  • It prevents anyone from deleting the package.

Permissions

  • GitLab administrators are allowed to push to the protected branches.
  • The default branch protection level is set in the Admin Area.
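The default rules above, sketched as a single authorization decision. This is an added example, not GitLab code or part of the original proposal: the function, struct and rule names are hypothetical, role values follow GitLab's access levels, "Allowed" is modelled as a per-rule minimum role, a force push is taken to mean overwriting an already published version, and the administrator bypass is limited to pushes.

```ruby
# Added illustration, not GitLab code: every name here is hypothetical.
# Role values follow GitLab's access levels.
ACCESS_LEVELS = { guest: 10, reporter: 20, developer: 30, maintainer: 40, owner: 50 }.freeze

# One protection rule; push_role models the proposal's "Allowed" permission (assumption).
PackageProtection = Struct.new(:package_name, :push_role)

# Returns true only when the proposal's default rules permit the action.
# action: :create, :push, :force_push (overwrite a published version) or :delete.
def protected_action_allowed?(rule, role:, action:, package_exists:, admin: false)
  level = ACCESS_LEVELS.fetch(role, 0) # unknown roles get no access

  # A push to a package that does not exist yet is a creation, so the
  # stricter creation rule applies instead of the push rule.
  action = :create if action == :push && !package_exists

  case action
  when :create
    !package_exists && level >= ACCESS_LEVELS[:maintainer]
  when :push
    admin || level >= ACCESS_LEVELS.fetch(rule.push_role)
  when :force_push, :delete
    false # denied for everyone, administrators included
  else
    false # fail closed on actions the rule does not know
  end
end

# Constructed sample rule and requests (package name is made up).
RULE = PackageProtection.new("@acme/widgets", :developer)

if __FILE__ == $PROGRAM_NAME
  [
    [:developer,  :push,       true],
    [:developer,  :push,       false], # first publish, treated as creation
    [:maintainer, :push,       false],
    [:owner,      :force_push, true],
    [:owner,      :delete,     true]
  ].each do |role, action, exists|
    ok = protected_action_allowed?(RULE, role: role, action: action, package_exists: exists)
    puts format("%-10s %-10s exists=%-5s -> %s", role, action, exists, ok ? "allow" : "deny")
  end
end
```

The second sample request is the case worth testing in any implementation: a user who may push must not be able to create a protected package simply by publishing its first version.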

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited by 🤖 GitLab Bot 🤖