---
title: npm-publish
section: 1
description: Publish a package
---
### Synopsis
<!-- AUTOGENERATED USAGE DESCRIPTIONS -->
### Description
Publishes a package to the registry so that it can be installed by name.
By default npm will publish to the public registry. This can be
overridden by specifying a different default registry or using a
[`scope`](/using-npm/scope) in the name, combined with a
scope-configured registry (see
[`package.json`](/configuring-npm/package-json)).
A `package` is interpreted the same way as other commands (like
`npm install` and can be:
* a) a folder containing a program described by a
[`package.json`](/configuring-npm/package-json) file
* b) a gzipped tarball containing (a)
* c) a url that resolves to (b)
* d) a `<name>@<version>` that is published on the registry (see
[`registry`](/using-npm/registry)) with (c)
* e) a `<name>@<tag>` (see [`npm dist-tag`](/commands/npm-dist-tag)) that
points to (d)
* f) a `<name>` that has a "latest" tag satisfying (e)
* g) a `<git remote url>` that resolves to (a)
The publish will fail if the package name and version combination already
exists in the specified registry.
Once a package is published with a given name and version, that specific
name and version combination can never be used again, even if it is removed
with [`npm unpublish`](/commands/npm-unpublish).
As of `npm@5`, both a sha1sum and an integrity field with a sha512sum of the
tarball will be submitted to the registry during publication. Subsequent
installs will use the strongest supported algorithm to verify downloads.
Similar to `--dry-run` see [`npm pack`](/commands/npm-pack), which figures
out the files to be included and packs them into a tarball to be uploaded
to the registry.
### Files included in package
To see what will be included in your package, run `npx npm-packlist`. All
files are included by default, with the following exceptions:
- Certain files that are relevant to package installation and distribution
are always included. For example, `package.json`, `README.md`,
`LICENSE`, and so on.
- If there is a "files" list in
[`package.json`](/configuring-npm/package-json), then only the files
specified will be included. (If directories are specified, then they
will be walked recursively and their contents included, subject to the
same ignore rules.)
- If there is a `.gitignore` or `.npmignore` file, then ignored files in
that and all child directories will be excluded from the package. If
_both_ files exist, then the `.gitignore` is ignored, and only the
`.npmignore` is used.
`.npmignore` files follow the [same pattern
rules](https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring)
as `.gitignore` files
- If the file matches certain patterns, then it will _never_ be included,
unless explicitly added to the `"files"` list in `package.json`, or
un-ignored with a `!` rule in a `.npmignore` or `.gitignore` file.
- Symbolic links are never included in npm packages.
See [`developers`](/using-npm/developers) for full details on what's
included in the published package, as well as details on how the package is
built.
### Configuration
<!-- AUTOGENERATED CONFIG DESCRIPTIONS -->
### See Also
* [package spec](/using-npm/package-spec)
* [npm-packlist package](http://npm.im/npm-packlist)
* [npm registry](/using-npm/registry)
* [npm scope](/using-npm/scope)
* [npm adduser](/commands/npm-adduser)
* [npm owner](/commands/npm-owner)
* [npm deprecate](/commands/npm-deprecate)
* [npm dist-tag](/commands/npm-dist-tag)
* [npm pack](/commands/npm-pack)
* [npm profile](/commands/npm-profile)
|