In our organization we started using StencilJS.
Currently anyone can run npm publish and it will upload the package to github packages.
I would like publish action to be limited to admin of the repo only, but I haven’t found a way to achieve it.
There’s currently no way to achieve this w/ GitHub Packages right now. We’re moving in this direction which you can see with GHCR where permissions are separate and we’ll continue down that path with roles for publishing that will allow you to control who has publish / create permission at all.