Version: 2020.1
Meeting legal requirements
Working in Unity

Sharing your package

You can set up your own package registry server if you want to control package access to a limited number of users, or if you need to set up package registry servers in a closed network organization.

When you have finished developing your package and you want to share it with other users, you have a number of different options:

Tarball You can distribute a zip or tarball to other Unity users. That way, they can either install the package from the local tarball directly or decompress the zip or tarball to a local folder on their own computer and install it from there.
Git URL You can distribute a link to your Git repository, using one of the supported protocols. Then users can install your package using its Git URL, because the Unity Package Manager can fetch packages from Git repository hosting services like GitHub and GitLab.
Scoped Registry You can set up a package registry server to host your package and then publish it to that registry using npm’s publish command. Your package’s consumers can then set up a scoped registry configuration in their project to fetch your custom packages from your own package registry.

Unity Package Manager supports registries based on the “npm” protocol. Make sure that whatever registry server you choose implements the /-/v1/search or /-/all endpoints.

Warning: When you set up your own package registry server, make sure you only use features that are compatible with Unity’s Scoped Registries. For example, Unity doesn’t support namespaces using the @scope notation that npm supports.

Most of the time, anonymous access within a local network is sufficient to fulfill your security requirements. However, if you want more control over who accesses packages via scoped registries, you can enable npm authentication for specific users. Your package’s customers can then configure their scoped registries to use their npm authentication tokens.

Meeting legal requirements
Working in Unity