I see instructions for setting up package registry, but to me it looks like access to the registry is configured to be the same as the project itself. Private project registry: packages can only be downloaded with auth, public registry: packages are publicly available to download without auth. But I would like a mix of public and private scoped packages.
Here are more specific questions I have:
- Is a mix of scoped public and private packages even possible within the same project-level registry?
- In a public project, will the package registry respect the npm publish options of
access: restrictedon a per package basis?
- If a public project is in a private group with 2FA, does this complicate the situation?