Is a project-level package registry containing a mix of public and private npm packages possible?

Is a project-level package registry containing a mix of public and private npm packages possible?

I see instructions for setting up package registry, but to me it looks like access to the registry is configured to be the same as the project itself. Private project registry: packages can only be downloaded with auth, public registry: packages are publicly available to download without auth. But I would like a mix of public and private scoped packages.

Here are more specific questions I have:

• Is a mix of scoped public and private packages even possible within the same project-level registry?
• In a public project, will the package registry respect the npm publish options of access: public and access: restricted on a per package basis?
• If a public project is in a private group with 2FA, does this complicate the situation?

Did you or someone else ever find an answer to this question? I have the same need and can’t find any answer in the docs.

I have also tried to create a public project and a private project in the same group, and configure npm to read from the group endpoint, and while this work locally with a personal access token, it does not seem to work in CI with the job token: the calls to the registry fail with error 403