Official node.js npm account

[jasnell]

Official projects such as citgm, nodereport, and readable-streams are currently published to npm using individual contributor accounts. If you look at the npm records there is no obvious official connection to the Node.js core project. It would likely be beneficial to have an official nodejs account on npm that can be associated with all official project.

[cjihrig]

+1 to an official npm organization (not individual account)

[evanlucas]

I'm +1 on this too!

[mhdawson]

+1 from me as well. Would be good to have the npm modules clearly associated with Node.js core.

[williamkapke]

Looks like @chrisdickinson owns https://www.npmjs.com/~nodejs under his @nodejs.org email.

[Fishrock123]

I'm totally for this. Think I brought this up a long time ago too.

[ChALkeR]

+1 from me.

[rnchamberlain]

+1 FYI for nodereport I used slt-release from https://github.com/strongloop/strong-tools, which does the git tag, package.json and changes file updates, and npm publish as a single command.

[mhdawson]

@jbergstroem a few thoughts about how we might manage access to the credentials that will be needed to publish npms:

1) we can we extend the current secrets repo to manage who can access 2) We could setup specific build/publish jobs and then control access to who can run these jobs.

thoughts ? I am kind of leaning towards 2), but we'd still need somewhere to store the credentials in that case.

[jbergstroem]

I think the secrets repo is a perfect fit for this. We create a new folder and add gpg keys to people that should have access. I'm not super comfortable with leaning on Jenkins jobs for security, seeing how we get pretty serious vulnerabilities every other month.

[jasnell]

+1 to using the secrets repo.

[mhdawson]

Discussion of how to manage here: https://github.com/nodejs/TSC/issues/211

[gdams]

+1

[mhdawson]

I think we can probably close this now as covered in https://github.com/nodejs/TSC/issues/211. I'll close and let me know if you disagree.