fix(publish): skip workspace packages marked private on publish (#7564)

`npm publish --workspaces` will skip workspace packages marked as
private in package.json.
Currently it's skipping those packages only when you have configured
auth for those packages, it would error out with `ENEEDAUTH` if it
doesn't find the valid auth information.

this fix checks for the private property before checking for auth for
the packages that will essentially not going to get published.

Fixes #7199

Author: milaninfy

lib/commands/publish.js

@@ -127,6 +127,15 @@ class Publish extends BaseCommand {
     const noCreds = !(creds.token || creds.username || creds.certfile && creds.keyfile)
     const outputRegistry = replaceInfo(registry)
 
+    // if a workspace package is marked private then we skip it
+    if (workspace && manifest.private) {
+      throw Object.assign(
+        new Error(`This package has been marked as private
+  Remove the 'private' field from the package.json to publish it.`),
+        { code: 'EPRIVATE' }
+      )
+    }
+
     if (noCreds) {
       const msg = `This command requires you to be logged in to ${outputRegistry}`
       if (dryRun) {

tap-snapshots/test/lib/commands/publish.js.test.cjs

@@ -418,6 +418,10 @@ Array [
 ]
 `
 
+exports[`test/lib/commands/publish.js TAP workspaces all workspaces - some marked private > one marked private 1`] = `
++ workspace-a@1.2.3-a
+`
+
 exports[`test/lib/commands/publish.js TAP workspaces json > all workspaces in json 1`] = `
 {
   "workspace-a": {

test/lib/commands/publish.js

@@ -617,6 +617,48 @@ t.test('workspaces', t => {
     await t.rejects(npm.exec('publish', []), { code: 'E404' })
   })
 
+  t.test('all workspaces - some marked private', async t => {
+    const testDir = {
+      'package.json': JSON.stringify(
+        {
+          ...pkgJson,
+          workspaces: ['workspace-a', 'workspace-p'],
+        }, null, 2),
+      'workspace-a': {
+        'package.json': JSON.stringify({
+          name: 'workspace-a',
+          version: '1.2.3-a',
+        }),
+      },
+      'workspace-p': {
+        'package.json': JSON.stringify({
+          name: '@scoped/workspace-p',
+          private: true,
+          version: '1.2.3-p-scoped',
+        }),
+      },
+    }
+
+    const { npm, joinedOutput } = await loadMockNpm(t, {
+      config: {
+        ...auth,
+        workspaces: true,
+      },
+      prefixDir: testDir,
+    })
+    const registry = new MockRegistry({
+      tap: t,
+      registry: npm.config.get('registry'),
+      authorization: token,
+    })
+    registry.nock
+      .put('/workspace-a', body => {
+        return t.match(body, { name: 'workspace-a' })
+      }).reply(200, {})
+    await npm.exec('publish', [])
+    t.matchSnapshot(joinedOutput(), 'one marked private')
+  })
+
   t.test('invalid workspace', async t => {
     const { npm } = await loadMockNpm(t, {
       config: {