Replies: 1 comment
-
|
Turborepo itself doesn't have built-in access control — it's a build orchestration tool, not a permissions layer. But there are a few practical ways to handle this: Option 1: Separate Git repos with a shared package registry Keep your backend in a private repo and publish shared packages (types, API contracts, etc.) to a private npm registry (GitHub Packages, Verdaccio, etc.). The frontend developer only gets access to the frontend repo and consumes backend packages as regular dependencies. Option 2: Git sparse checkout You can use Git sparse-checkout so the frontend dev only clones the frontend packages: git clone --filter=blob:none --sparse <repo-url>
git sparse-checkout set apps/frontend packages/sharedThis keeps the backend code out of their working directory, though they technically still have repo access (so combine it with branch protection rules). Option 3: CODEOWNERS + branch protection If you're on GitHub, use a My recommendation: If you genuinely need to prevent the frontend dev from reading backend code, go with Option 1 (separate repos). If you just need to prevent them from changing backend code, CODEOWNERS + branch protection is simpler and keeps your monorepo intact. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
I am new to turborepo.
Here's the deal: I want to have the frontend developed further by an external frontend developer. Is it possible to restrict access to just the frontend code so that they don't have access to the backend code?
Additional information
No response
Example
No response
Beta Was this translation helpful? Give feedback.
All reactions