feat: add team membership endpoints

wraithgar · wraithgar · commit 5380b8f6c2cc · 2026-03-23T11:27:53.000-07:00
These are all the `npm team` endpoints
diff --git a/api/base.yaml b/api/base.yaml
@@ -93,6 +93,7 @@ x-tagGroups:
       - Trust
       - Access
       - Org
+      - Team
 
 components:
   securitySchemes:
diff --git a/api/merge-config.yaml b/api/merge-config.yaml
@@ -3,6 +3,7 @@ inputs:
   - inputFile: registry.npmjs.com/access.yaml
   - inputFile: registry.npmjs.com/oidc.yaml
   - inputFile: registry.npmjs.com/org.yaml
+  - inputFile: registry.npmjs.com/team.yaml
   - inputFile: registry.npmjs.com/token.yaml
   - inputFile: registry.npmjs.com/trust.yaml
 
diff --git a/api/registry.npmjs.com/access.yaml b/api/registry.npmjs.com/access.yaml
@@ -1,52 +1,44 @@
 components:
-  parameters:
-    TeamName:
-      name: teamName
-      in: path
-      required: true
-      schema:
-        type: string
-      description: Name of a team
   responses:
     PackageAccessLevels:
-      description: "Packages with their access levels"
+      description: 'Packages with their access levels'
       content:
         application/json:
           schema:
             type: object
             additionalProperties:
               type: string
             example:
-              "@npmcli/arborist": "read-write"
-              "@npmcli/config": "read-only"
+              '@npmcli/arborist': read-write
+              '@npmcli/config': read-only
     PackageVisibility:
-      description: "Packages with their visibility"
+      description: 'Packages with their visibility'
       content:
         application/json:
           schema:
             type: object
             additionalProperties:
               type: string
             example:
-              "@npmcli/arborist": "public"
-              "@npmcli/hidden": "private"
+              '@npmcli/arborist': public
+              '@npmcli/hidden': private
     UserAccessLevels:
-      description: "User access levels"
+      description: User access levels
       content:
         application/json:
           schema:
             type: object
             additionalProperties:
               type: string
             example:
-              "npm": "read-write"
-              "microsoft": "read-only"
+              npm: read-write
+              microsoft: read-only
 paths:
   /-/team/{orgName}/{teamName}/package:
     parameters:
       - $ref: './api/shared-components.yaml#/components/parameters/OrgName'
-      - $ref: '#/components/parameters/TeamName'
-      - $ref: "./api/shared-components.yaml#/components/parameters/RequiredBearerToken"
+      - $ref: './api/shared-components.yaml#/components/parameters/TeamName'
+      - $ref: './api/shared-components.yaml#/components/parameters/RequiredBearerToken'
     get:
       tags:
         - Access
@@ -56,9 +48,9 @@ paths:
       security:
         - npmSessionToken: []
       responses:
-        "200":
+        '200':
           $ref: '#/components/responses/PackageAccessLevels'
-        "401":
+        '401':
           $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
     put:
       tags:
@@ -84,24 +76,24 @@ paths:
       security:
         - npmSessionToken: []
       responses:
-        "201":
+        '201':
           $ref: './api/shared-components.yaml#/components/responses/EmptySuccess'
-        "401":
+        '401':
           $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
     delete:
       summary: Remove access to a package for a team
       operationId: deleteTeamPackageGrant
       security:
         - npmSessionToken: []
       responses:
-        "204":
+        '204':
           $ref: './api/shared-components.yaml#/components/responses/EmptySuccess'
-        "401":
+        '401':
           $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
   /-/org/{orgName}/package:
     parameters:
       - $ref: './api/shared-components.yaml#/components/parameters/OrgName'
-      - $ref: "./api/shared-components.yaml#/components/parameters/RequiredBearerToken"
+      - $ref: './api/shared-components.yaml#/components/parameters/RequiredBearerToken'
     get:
       tags:
         - Access
@@ -111,14 +103,14 @@ paths:
       security:
         - npmSessionToken: []
       responses:
-        "200":
+        '200':
           $ref: '#/components/responses/PackageAccessLevels'
-        "401":
+        '401':
           $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
   /-/package/{escapedPackageName}/collaborators:
     parameters:
       - $ref: './api/shared-components.yaml#/components/parameters/EscapedPackageName'
-      - $ref: "./api/shared-components.yaml#/components/parameters/RequiredBearerToken"
+      - $ref: './api/shared-components.yaml#/components/parameters/RequiredBearerToken'
     get:
       tags:
         - Access
@@ -127,14 +119,14 @@ paths:
       security:
         - npmSessionToken: []
       responses:
-        "200":
+        '200':
           $ref: '#/components/responses/UserAccessLevels'
-        "401":
+        '401':
           $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
   /-/package/{escapedPackageName}/visibility:
     parameters:
       - $ref: './api/shared-components.yaml#/components/parameters/EscapedPackageName'
-      - $ref: "./api/shared-components.yaml#/components/parameters/RequiredBearerToken"
+      - $ref: './api/shared-components.yaml#/components/parameters/RequiredBearerToken'
     get:
       tags:
         - Access
@@ -143,9 +135,9 @@ paths:
       security:
         - npmSessionToken: []
       responses:
-        "200":
+        '200':
           $ref: '#/components/responses/PackageVisibility'
-        "401":
+        '401':
           $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
   /-/package/{escapedPackageName}/access:
     parameters:
@@ -178,7 +170,7 @@ paths:
       security:
         - npmSessionToken: []
       responses:
-        "200":
+        '200':
           $ref: './api/shared-components.yaml#/components/responses/EmptySuccess'
-        "401":
+        '401':
           $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
diff --git a/api/registry.npmjs.com/team.yaml b/api/registry.npmjs.com/team.yaml
@@ -0,0 +1,166 @@
+components:
+  responses:
+    TeamUsers:
+      description: The users in a team
+      content:
+        application/json:
+          schema:
+            type: array
+            items:
+              type: string
+              description: A username of a user in the team
+            example:
+              - npm
+              - npm-cli-bot
+    OrgTeams:
+      description: The teams in an org
+      content:
+        application/json:
+          schema:
+            type: array
+            items:
+              type: string
+              description: The teams in the org, in the format of orgname:teamname
+            example:
+              - '@npmcli:wombats'
+
+paths:
+  /-/org/{orgName}/team:
+    parameters:
+      - $ref: './api/shared-components.yaml#/components/parameters/OrgName'
+      - $ref: './api/shared-components.yaml#/components/parameters/RequiredBearerToken'
+    get:
+      tags:
+        - Org
+      summary: Get teams in an org
+      description: Get all of the teams in an org
+      operationId: getScopeTeams
+      security:
+        - npmSessionToken: []
+      responses:
+        '200':
+          $ref: '#/components/responses/OrgTeams'
+        '401':
+          $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
+    put:
+      tags:
+        - Team
+      summary: Create a new team
+      description: Create a new team for an org
+      operationId: putScopeTeam
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                name:
+                  type: string
+                  description: The name of the team to create
+                description:
+                  type: string
+                  description: The description of the team to create
+              example: { name: 'wombats', description: 'All developers' }
+      security:
+        - npmSessionToken: []
+      responses:
+        '201':
+          description: Team was created successfully
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  name:
+                    type: string
+                    description: The name of the team that was created
+                example:
+                  name: wombats
+        '401':
+          $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
+  /-/org/{orgName}/{teamName}:
+    parameters:
+      - $ref: './api/shared-components.yaml#/components/parameters/OrgName'
+      - $ref: './api/shared-components.yaml#/components/parameters/TeamName'
+      - $ref: './api/shared-components.yaml#/components/parameters/RequiredBearerToken'
+    delete:
+      tags:
+        - Team
+      summary: Delete a team
+      description: Delete a team from a given org
+      operationId: deleteTeam
+      security:
+        - npmSessionToken: []
+      responses:
+        '204':
+          $ref: './api/shared-components.yaml#/components/responses/EmptySuccess'
+        '401':
+          $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
+  /-/org/{orgName}/{teamName}/user:
+    parameters:
+      - $ref: './api/shared-components.yaml#/components/parameters/OrgName'
+      - $ref: './api/shared-components.yaml#/components/parameters/TeamName'
+      - $ref: './api/shared-components.yaml#/components/parameters/RequiredBearerToken'
+    get:
+      tags:
+        - Team
+      summary: Get all users in a team
+      description: Get all users in a team
+      operationId: getTeamMembership
+      security:
+        - npmSessionToken: []
+      responses:
+        '200':
+          $ref: '#/components/responses/TeamUsers'
+        '401':
+          $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
+    put:
+      tags:
+        - Team
+      summary: Add a user to a team
+      description: Add a user to a team in an org. The user must already be a member of the org.
+      operationId: createTeamMembership
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                user:
+                  type: string
+                  description: The username of the user to add to the team
+              example:
+                user: npm-cli-bot
+      security:
+        - npmSessionToken: []
+      responses:
+        '201':
+          $ref: './api/shared-components.yaml#/components/responses/EmptySuccess'
+        '401':
+          $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
+    delete:
+      tags:
+        - Team
+      summary: Remove a user from a team
+      operationId: deleteTeamMembership
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                user:
+                  type: string
+                  description: The username of the user to remove from the team
+              example:
+                user: npm-cli-bot
+      security:
+        - npmSessionToken: []
+      responses:
+        '204':
+          $ref: './api/shared-components.yaml#/components/responses/EmptySuccess'
+        '401':
+          $ref: './api/shared-components.yaml#/components/responses/Unauthorized'
diff --git a/api/shared-components.yaml b/api/shared-components.yaml
@@ -6,15 +6,22 @@ components:
       required: true
       schema:
         type: string
-      description: The name of a package.  Scoped packages need their "/" to be url encoded to "%2F"
-      example: "@npmcli%2Farborist"
+      description: The name of a package.  Scoped packages need "/" to be url encoded to "%2F"
+      example: '@npmcli%2Farborist'
     OrgName:
       name: orgName
       in: path
       required: true
       schema:
         type: string
       description: Name of an org
+    TeamName:
+      name: teamName
+      in: path
+      required: true
+      schema:
+        type: string
+      description: Name of a team
     RequiredBearerToken:
       name: Authorization
       in: header
@@ -31,14 +38,14 @@ components:
         - npm access token (traditional user token created via `npm login`)
   responses:
     EmptySuccess:
-      description: "Success"
+      description: Success
       content:
-        "*/*":
+        '*/*':
           schema:
             not:
               {}
     Unauthorized:
-      description: "Unauthorized"
+      description: Unauthorized
       headers:
         www-authenticate:
           description: Authentication challenge (e.g., "OTP" when OTP is required)
@@ -56,3 +63,5 @@ components:
               error:
                 type: string
                 description: Error message
+          example:
+            error: Missing "Bearer" header.
