You can set up your own package registry server if you want to control package access to a limited number of users, or if you need to set up package registry servers in a closed network organization.
When you have finished developing your package and you want to share it with other users, you have a number of different options:
You can distribute a zip or tarball to other Unity users. That way, they can either install the package from the local tarball directly or decompress the zip or tarball to a local folder on their own computer and install it from there.
You can distribute a link to your Git repository. Then users can install your package using its Git URL, because the Unity Package Manager can fetch packages from Git repository hosting services like GitHub and GitLab.
You can set up a package registry server to host your package and then publish it to that registry using npm’s publish command. Your package’s consumers can then set up a scoped registry configuration in their project to fetch your custom packages from your own package registry.
Unity Package Manager supports registries based on the npm protocol. You can use any off the shelf npm registry server and it should work, but Verdaccio is quick to set up and doesn’t require a lot of configuration.
Most of the time, anonymous access within a local network is sufficient to fulfill your security requirements. However, if you want more control over who accesses packages via scoped registries, you can enable npm authentication for specific users. Your package customer’s can then configure their scoped registry to use their npm authentication token.