-1

I created the feed to store private npm package there. When I publish my private package from the project - some another public packages are published to this feed.

  1. Can I somehow prevent publishing of public packages to the feed?
  2. Is it ok to store public packages on the VSTS feed?
SashaSemanyuk
  • 357
  • 6
  • 20
  • Possible duplicate of [pushing public package to azure devops feed](https://stackoverflow.com/questions/53030782/pushing-public-package-to-azure-devops-feed) – Daniel Mann Nov 07 '18 at 13:59
  • 2
    Your feed has an upstream source. This is normal. It's caching the public packages for you. – Daniel Mann Nov 07 '18 at 14:00
  • @DanielMann, one more question. Can I find information about that the packages is cached in the Azure DevOps documentation? I would like to dig deep into the caching of packages. – SashaSemanyuk Nov 07 '18 at 14:39
  • https://learn.microsoft.com/en-us/azure/devops/artifacts/concepts/upstream-sources?view=vsts – Daniel Mann Nov 07 '18 at 15:33

1 Answers1

0

Daniel Mann is correct - you most likely have the npmjs upstream source. Because npm only supports a single registry, the upstream source is required to use both public and private packages in the same project. This is by design and recommended by the Azure Artifacts team. The "Source" column on your package list should show that these packages come from npmjs directly.

Alex Mullans
  • 1,699
  • 2
  • 17
  • 34