Privacy Policy

We store information about access to and users on the and website, the API and repository. This data is stored in the US on Heroku and Amazon AWS servers.


All requests to the and websites are logged. The logs include information about the time the request was made and to which URL, the IP address it was from and browser user agent.

The logged data is only available to’s administrative team, but may be made available in aggregate and anonymized forms.

The websites uses Google Analytics to monitor and analyze user behavior. This service provides with information on users’ demographics, age, location, and interest categories, when such information is available. This information is not used to identify individual users, but can in some cases be very specific. You can learn more about the information gathered and retained by this service at the Google Analytics privacy policy. You can opt out of Google Analytics entirely with the Google Analytics opt-out browser addon.


A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns.

The websites uses cookies to help identify logged in users. Website visitors who do not wish to have cookies placed on their computers should not log in to the websites.


A registered user is required to publish packages, to otherwise consume the API a user is not required. See the “User information” section below for more information about what user information is stored and is public.

Requests to the API is logged and the same information is stored as for the websites.


Packages published to are public. Package metadata will be displayed on the website and the full contents of the package will be available on the repository, as such care needs to be taken to not include private or confidential information in the package. Additionally, documentation that has been published to will be displayed to the public on Anything published to should be seen as public immediately and forever, if credentials are accidentally published they should be changed immediately.

Requests to the repository is logged and the same information is stored as for the websites.

User information

For registered users their username, email address, and cryptographically hashed password is stored and is required to be provided by users. In addition to this profile information, such as user’s full name and social media handles, may be stored of the user if the user chooses to provide it.

Profile information is public and accessible to anyone including the user’s username, email address, and full name with the ability to opt-out of showing the email address and full name. Packages owned and published by the user is also public. No other information, including the user’s password, is public and will not be shared with other parties.

Disclosure may disclose personally identifiable information under special circumstances, such as to comply with subpoenas or when your actions violate the Terms of Service.

United States Jurisdiction

The service is hosted in the United States. This Privacy Policy is intended to comply with privacy laws in the United States and may not comply with all privacy laws in other countries.

If you are a non-US user of the service, by using our service and providing us with data, you acknowledge, agree and provide your consent that your personal information may be processed in the United States for the purposes identified in this Privacy Policy. In addition, such data may be stored on servers located outside your resident jurisdiction, which may have less stringent privacy practices than your own. By using the service and providing us with your data, you consent to the transfer of such data and any less stringent privacy practices.


All emails to *** are stored, including the email address of the sender and the contents of the email. This information is available internally to but will not be disclosed to the outside. See the “Disclosure” section for exceptions to this.


Any questions about this Privacy Policy should be addressed to


Although most changes are likely to be minor, may change its Privacy Policy from time to time, and at’s sole discretion. The detailed history of changes can be found in the git repository history for this document. encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of the websites and the repository after any change in this Privacy Policy will constitute your acceptance of such change.

Credit and License

Parts of this policy document is based on npm’s Privacy Policy which in turn is partly based on the privacy policy.

This document may be reused under a Creative Commons Attribution-ShareAlike License.