1
00:00:00,730 --> 00:00:05,050
In the last video we established that we're going to share all of our code as an NPM package.

2
00:00:05,150 --> 00:00:09,490
And the first thing I want to discuss around publishing our common library as an NPM package is the

3
00:00:09,490 --> 00:00:11,670
security of our code.

4
00:00:11,770 --> 00:00:15,670
So inside of our common library we're going to have some really common middleware, as you're going to

5
00:00:15,670 --> 00:00:21,010
see all over online, such as that require authentication middleware and that error handling stuff and so

6
00:00:21,010 --> 00:00:26,080
on. But inside of your own personal project you might be working on in the future, your common library might

7
00:00:26,080 --> 00:00:31,090
have some very sensitive code inside of it. It might contain some very sensitive business logic or something

8
00:00:31,090 --> 00:00:32,110
similar.

9
00:00:32,110 --> 00:00:36,970
And so before even creating this package I just want to have a quick discussion on package security.

10
00:00:38,090 --> 00:00:40,310
When we publish a package with NPM,

11
00:00:40,310 --> 00:00:45,380
there are really three different options, or three very popular options I should say, available to us

12
00:00:46,040 --> 00:00:50,780
to make this package available to other people inside of our company or other people who are working

13
00:00:50,810 --> 00:00:51,950
on our project.

14
00:00:51,950 --> 00:00:55,940
We can publish this package to the NPM public registry.

15
00:00:55,940 --> 00:01:01,580
We can publish it to the public registry inside of an organization, or we can publish it to a private

16
00:01:01,580 --> 00:01:06,510
registry. When we publish a package directly to the public registry,

17
00:01:06,510 --> 00:01:08,930
anyone else can see this package by default.

18
00:01:08,930 --> 00:01:14,230
And so anyone else can take a look at your code and possibly see your business logic inside there. If

19
00:01:14,230 --> 00:01:17,160
you instead publish your package to an organization,

20
00:01:17,170 --> 00:01:23,110
we can mark the organization as public or mark it as private, and then only people who are a member of

21
00:01:23,110 --> 00:01:26,390
this organization can see the packages inside.

22
00:01:26,530 --> 00:01:32,710
If you want to use a private organization you do have to pay extra money to NPM.

23
00:01:32,750 --> 00:01:37,520
You can also create a private registry, and access to this will be limited to whoever you give direct

24
00:01:37,520 --> 00:01:42,350
access to. If you try to create a private registry directly through NPM,

25
00:01:42,350 --> 00:01:43,760
you end up having to pay money.

26
00:01:43,760 --> 00:01:49,120
Alternatively you can also host your own open source version of an NPM registry, which is free but

27
00:01:49,130 --> 00:01:50,840
requires a bit of additional setup.

28
00:01:51,530 --> 00:01:57,350
So in total, if we just publish this package directly to NPM it will be public and visible to all.

29
00:01:57,380 --> 00:02:02,210
If we publish it inside of a private organization it will be only accessible by people who are a member

30
00:02:02,210 --> 00:02:03,830
of our organization.

31
00:02:04,070 --> 00:02:08,420
And if we publish it to a private registry then only people who have access to our registry will be

32
00:02:08,420 --> 00:02:08,900
able to see it.

33
00:02:10,040 --> 00:02:12,410
We're going to end up going with the organization option.

34
00:02:12,530 --> 00:02:17,270
So we are going to create a new organization and then publish our package inside there. And just so you

35
00:02:17,270 --> 00:02:20,690
know, there are public and private organizations.

36
00:02:20,750 --> 00:02:25,070
If you create a public organization then everyone else is going to be able to see the package inside

37
00:02:25,070 --> 00:02:25,590
of here.

38
00:02:25,610 --> 00:02:28,910
It's only when we create a private one that the package will be hidden.

39
00:02:29,940 --> 00:02:34,790
Creating a public organization does cost money so we're not going to create a private one.

40
00:02:34,800 --> 00:02:36,180
We're going to create a public one.

41
00:02:36,270 --> 00:02:39,400
But you can very easily turn it into private if you wish to do so.

42
00:02:40,330 --> 00:02:45,880
Let's first get started by creating this organization. To do so I can open up a new browser tab and navigate

43
00:02:45,880 --> 00:02:49,980
to npmjs.com. Once over here,

44
00:02:50,120 --> 00:02:52,780
I'm gonna make sure that I've signed up for an NPM account.

45
00:02:52,940 --> 00:02:58,330
I'll click on myself on the top right hand side and I'll click on Add organization.

46
00:02:58,400 --> 00:03:04,130
I'm going to get prompted to create a new organization. As you can see right away, we can create

47
00:03:04,160 --> 00:03:06,760
either a private one or a public one.

48
00:03:06,800 --> 00:03:10,280
If you want a private one you've got to pay some money, so we're not going to go with the private one

49
00:03:10,280 --> 00:03:16,730
because honestly there's not really a lot of secure or sensitive code inside of our common module. Let's

50
00:03:16,730 --> 00:03:20,220
type in a name for our custom organization.

51
00:03:20,300 --> 00:03:26,330
I'm going to use a name of sgtickets, so that's going to be the name of my organization.

52
00:03:26,390 --> 00:03:32,180
All organization names created on NPM must be unique, so you will not be able to use sgtickets.

53
00:03:32,300 --> 00:03:35,660
You're going to have to come up with your own name for your organization.

54
00:03:35,660 --> 00:03:39,800
Just make sure it's something you can easily remember. Just so you know, I used SG because those are

55
00:03:39,800 --> 00:03:40,510
my initials,

56
00:03:40,520 --> 00:03:47,360
Stephen Grider. After that I click on Create. I then get prompted to invite some people.

57
00:03:47,520 --> 00:03:52,560
So if I had marked this organization as private I would have to invite other people in order for them

58
00:03:52,560 --> 00:03:56,270
to see these packages and install them into their own projects.

59
00:03:56,280 --> 00:04:00,670
In this case I don't have anyone else to invite so I'll just click on Skip, and that's it.

60
00:04:01,680 --> 00:04:07,050
So now we can create our own packages and push them to this organization.

61
00:04:08,160 --> 00:04:11,020
And if we had marked this organization as private, that'd be great.

62
00:04:11,020 --> 00:04:12,130
No one else will be able to see these.

63
00:04:12,130 --> 00:04:15,050
But again, I don't want to pay any money for this.

64
00:04:15,160 --> 00:04:15,400
All right.

65
00:04:15,410 --> 00:04:16,960
So now we've created this organization.

66
00:04:16,960 --> 00:04:18,970
Let's take a pause right here. In the next video,

67
00:04:18,970 --> 00:04:24,820
we're going to actually create our common module and make sure that we publish it to this private, or,

68
00:04:25,080 --> 00:04:26,770
this public organization.