To prevent new packages from being uploaded, you can set an ecosystem you previously enabled to Read-Only, while still allowing existing packages to be downloaded.
- From an administrative account on GitHub Enterprise Server, click in the upper-right corner of any page.
- In the left sidebar, click Management Console.
- In the left sidebar, click Packages.
- Under "Ecosystem Toggles", for each package type, select Enabled, Read-Only, or Disabled.
- Under the left sidebar, click Save settings.
- Wait for the configuration run to complete.
If you've enabled npm packages on your enterprise and want to allow access to the official npm registry as well as the GitHub Packages npm registry, then you must perform some additional configuration.
GitHub Packages uses a transparent proxy for network traffic that connects to the official npm registry at
registry.npmjs.com. The proxy is enabled by default and cannot be disabled.
To allow network connections to the npm registry, you will need to configure network ACLs that allow GitHub Enterprise Server to send HTTPS traffic to
registry.npmjs.com over port 443:
|GitHub Enterprise Server||TCP/443||HTTPS|
Note that connections to
registry.npmjs.com traverse through the Cloudflare network, and subsequently do not connect to a single static IP address; instead, a connection is made to an IP address within the CIDR ranges listed here: https://www.cloudflare.com/ips/.
As a next step, we recommend you check if you need to update or upload a TLS certificate for your packages host URL. For more information, see "Getting started with GitHub Packages for your enterprise."