Publish to npm with public access when package is scoped and public

[m90]

N.B.: This PR might not even be needed, but I noticed that after opening it :sweat_smile:

---

I use @studio/changes for some projects and always just copied over my npm scripts from the previous project. For the last package I just ran into the following situation:

• The package is scoped (e.g. @foo/pkg) and public
• I set up changes using --init with default options
• When trying to publish to the npm registry a 402 Payment Required error was returned as npm thought the package should be private (which is the default behavior for scoped packages)
• Setting private: false in package.json made no difference
• I noticed my other scoped packages all pass --access public
• Adding the flag it to the "broken" package's publish command fixed it

This PR would allow users to pass through a non-default access level to npm publish.

The one thing I do not understand however: this very package (@studio/changes) does not pass --access public when publishing, nor does it specify private in package.json. How does it work here?

Documentation on --access can be found here: https://docs.npmjs.com/cli/v7/commands/npm-publish#description

[mantoni]

Publishing is out of scope for Studio Changes. It hooks into the version command and whether you actually publish to a registry or not is up to you to define in the postversion script.

We could add this flag for the init command, but I'm not sure whether it makes sense to maintain an edge case like this.

How about generating --access automatically if a package has a scoped name and private: false?

[m90]

We could add this flag for the init command, but I'm not sure whether it makes sense to maintain an edge case like this.

Yeah, this PR is nothing more but an additional flag for the init command.

How about generating --access automatically if a package has a scoped name and private: false?

I think that sounds like a brilliant idea. Would you keep the flag for --init too or remove it again?

[m90]

How about generating --access automatically if a package has a scoped name and private: false?

I added this.

Let me know if you want to keep the flag or if it should be removed (I'm mostly impartial about it).

[mantoni]

If you can think of a case where the automatic --access generation would not be sufficient, we can keep the flag. Otherwise I'd remove it to keep things simple.

[m90]

If you can think of a case where the automatic --access generation would not be sufficient, we can keep the flag. Otherwise I'd remove it to keep things simple.

Not really, I think inferring this from package.json is enough, i.e. I removed the flag.

[mantoni]

📦 This has been published as v2.2.0.

Thank you! 🙏