Freeze policy

Prevents any changes to the registry contents. The registry will be read-only

The Freeze policy prevents any changes to the contents of a registry.

All attempts to pull, push, publish, delete packages, tags and versions will be denied with a message that the registry is read-only.

The policy also prevents requests for package version information to be forwarded to upstreams. This will prevent unintended installation (npm install) failures when new package versions are added to upstreams.

This is a powerful way to makes sure that new packages and versions are ONLY introduced in a controlled manner.

If you’d like to watch a video guide on how to work with Freeze in Bytesafe registries - here’s a video for you.

Use cases

Control / Lock dependencies

Freeze registry to disallow automatic addition of package dependencies. Un-freeze to add approved packages when required.

Consistent package installs

Make sure that QA / testing and releases are made using the exact versions intended, even across different projects and teams.

As Freeze also prevents fetch of package version information from upstreams, required packages for testing can be installed in environments without unnecessary install failures.

Archive specific states

Enable freeze before archiving a registry to store the exact state of dependencies, enabling easy testing in the future.

Freeze registry to not only lock package versions, but also remove the link to any upstream. Requests for available package versions will not be forwarded to upstreams while Freeze is enabled.