Skip to content

Update npm documentation for anonymous requests on public packages

What does this MR do?

This MR is the first attempt to add documentation for each package manager that informs users that anonymous requests are indeed allowed. The majority of our docs focus on authenticated package installs, but for most formats, if the project is public, you can pull from the registry anonymously.

This MR focuses on NPM as it is being considered for use by the Secure team and is the most commonly used format.

Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #296611

Edited by Tim Rizzi

Merge request reports

Loading