Hi there,

Thanks for your awesome library :)

I am having issues with privately hosted packages.

As it currently stands, the private option in NPM's package.json is in my opinion quite misleading: it might as well be called canPublish.
The source code seems unambiguous: you cannot publish a package using npm publish with the package: false option (it will throw).

Short of making a massive backwards-incompatible change to npm, package.json, or both, is there a way to specify that a package is private?

Or am I just missing some fundamental knowledge about how private packages are published with npm/yarn publish?

Note that this extends to yarn as it seems to implement the exact same behaviour as NPM.