Use the Block policy to prevent specific packages or package versions from being added to a registry. This is done by creating a definition list per registry where the policy has been enabled.
Each block list is linked to a specific registry, allowing custom lists for different scenarios.
The policy does not prevent dependencies of blocked packages from being added to the registry (unless you have also explicitly added these to the block list).
Block policy settings
The Block settings allow users to define and store their specific composition of packages and versions that should be prevented from being added to a registry.
Block definitions can consist of either a package name, a specific package versions or ranges of package versions:
Definitions are validated directly.
To store any changes and exit the settings, simply click on the Save settings button.
Pin package versions in a registry to specific versions
In certain use-cases users may want to lock a package to a specific version, to disallow other versions of that package to be pulled from upstreams.
To block both older and new versions of a package, add a range to the definitions list, like:
react < 16.3.1 || > 16.3.1
This will allow only
firstname.lastname@example.org, all other versions of the package will be blocked.
Users that want to lock ALL package versions in a registry should use Freeze policy instead.
Block a specific package
Block all versions of a package by adding a package name definition to the list without specifying any version. Useful when making sure certain packages (regardless of versions) are not added to the registry.
Block specific package versions or ranges
Block a specific package version or range of versions. Allowing users to make sure specific versions are not added to the registry.