Protected packages

Tier: Free, Premium, Ultimate Offering: GitLab.com, Self-managed Status: Experiment
History
The availability of this feature is controlled by a feature flag. For more information, see the history. This feature is available for testing, but not ready for production use.

By default, any user with at least the Developer role can create, edit, and delete packages. Add a package protection rule to restrict which users can make changes to your packages.

Who can modify a protected package

When a package is protected, the default behavior enforces these restrictions on the package:

Action Who can do it
Protect a package At least the Maintainer role.
Create a new package Anyone with a higher role than the role set by Push protected up to access level.
Edit an existing package Anyone with a higher role than the role set by Push protected up to access level.

Protect a package

History

Prerequisites:

  • You must have at least the Maintainer role.

To protect a package:

  1. On the left sidebar, select Search or go to and find your project.
  2. Select Settings > Packages and registries.
  3. Under Protected packages, select Add protection rule.
  4. Complete the fields. Name pattern is a package name pattern you want to protect. The pattern can include a wildcard (*).
  5. Select Protect.

The package protection rule is created, and appears in the settings.

Delete a package protection rule and unprotect a package

History

Prerequisites:

  • You must have at least the Maintainer role.

To unprotect a package:

  1. On the left sidebar, select Search or go to and find your project.
  2. Select Settings > Packages and registries.
  3. Under Protected packages, next to the protection rule you want to delete, select Delete ().
  4. On the confirmation dialog, select Delete.

The package protection rule is deleted, and does not appear in the settings.