npm Email Privacy: How to Hide Your Email Address
Your npm email address is public by default. It's visible on your profile and embedded in every package you publish. Spammers know this. Here's how to protect your privacy while still maintaining packages on npm.
In this guide:
The privacy problem
When you create an npm account, the email you provide becomes publicly visible in multiple places:
- •Your npm profile — visible at npmjs.com/~username
- •Package metadata — embedded in every version you publish
- •npm CLI output — anyone can run
npm view pkg maintainers
'jdalton <john.david.dalton@gmail.com>',
'mathias <mathias@example.com>'
]
This makes npm a goldmine for spammers. Bots continuously scrape the registry, and many developers report increased spam after publishing their first package.
Email relay services
The solution is to use a relay (or alias) email address. These services create forwarding addresses that hide your real email while still delivering messages to your inbox.
SimpleLogin
Free: 10 aliasesOpen-source email aliasing service, now part of Proton. Create unlimited aliases that forward to your inbox. Can also send from aliases.
Learn more →Firefox Relay
Free: 5 aliasesMozilla's email masking service. Integrates with Firefox browser for easy alias generation. Premium tier removes limits.
Learn more →DuckDuckGo Email
Free: UnlimitedPrivacy-focused email protection. Strips trackers from emails before forwarding. Generates unlimited @duck.com addresses.
Learn more →iCloud Hide My Email
iCloud+ requiredApple's email aliasing for iCloud+ subscribers. Creates random addresses that forward to your iCloud email.
Learn more →Recommendation: Use a dedicated alias just for npm. If spam becomes unbearable, you can disable that alias without affecting your personal email.
How to set up a private npm email
Create a relay alias
Sign up for a relay service (SimpleLogin, Firefox Relay, etc.) and create a new alias. Use something memorable like npm-packages@your-alias-domain.com
Update your npm email
Go to npmjs.com → Settings → Emails and add your new relay address.
Verify the new email by clicking the link npm sends to it (it'll be forwarded to your real inbox).
Set the relay address as your primary email, then remove your old personal email.
Update your npm CLI config (optional)
If you publish packages, update your local npm config to use the new email:
npm config set init-author-email "your-alias@relay.com"This sets the default email for new package.json files you create.
Note: Changing your npm email only affects future publishes. Your old email remains in the metadata of previously published package versions. There's no way to change this retroactively.
Managing npm notifications
Using a relay email helps with spam, but it doesn't solve npm's notification problem. npm sends a "Successfully published" email for every package version you publish — and there's no way to disable it.
If you maintain a monorepo with 20 packages, that's 20 emails per release. Two options:
Option 1: Filter and archive
Set up an email filter to automatically archive npm notifications. See our guide to filtering npm emails for step-by-step instructions.
Option 2: Get a digest
npmDigest consolidates all your publish notifications into a single daily, weekly, or monthly email. Keep visibility into what's published without the inbox flood.
Start 14-day free trialNo credit card required. Only charged for months you use it.