The Freeze policy prevents any changes to the contents of a registry.
All attempts to
delete packages, tags and versions will be denied with a message that the registry is read-only.
The policy also prevents requests for package version information to be forwarded to upstreams. This will prevent unintended installation (
npm install) failures when new package versions are added to upstreams.
This is a powerful way to makes sure that new packages and versions are ONLY introduced in a controlled manner.
Control / Lock dependencies
Freeze registry to disallow automatic addition of package dependencies. Un-freeze to add approved packages when required.
Consistent package installs
Make sure that QA / testing and releases are made using the exact versions intended, even across different projects and teams.
As Freeze also prevents fetch of package version information from upstreams, required packages for testing can be installed in environments without unnecessary install failures.
Archive specific states
Enable freeze before archiving a registry to store the exact state of dependencies, enabling easy testing in the future.
Temporary remove link to upstreams
Freeze registry to not only lock package versions, but also remove the link to any upstream. Requests for available package versions will not be forwarded to upstreams while Freeze is enabled.