Cannot add existing, external, nonscoped package to organization team

[mcm1957]

I'm member of an organization with role 'owner'
I'm member of team developers within the organization
I'm maintainer of some non scoped packages, for one ofthem I'm the only maintainer.

So to my understanding I should have all rights required to add a package currently not covered by the organization to the team.

But when I enter the package name into the input field and click 'add existing package' I get 'forbidden' message.
In addition the selection field shown below the input field seems to list only packages already added to the organization.

Any idea what to check?
Or what I'm doing wrong or missing?
Is there any extra step to add the package to the organization?

Thanks for any advise

[mcm1957]

@Apollon77 FYI

[ljharb]

I get this as well; i emailed npm support about it yesterday.

[mcm1957]

Answer from npm support

There was a recent change to permissions. You would need to be the direct owner of the unscoped package (not just a maintainer/collaborator) and an org owner in order to grant team access to an unscoped package. The xxxxx package is showing as being under the ownership of the aaaaa user. That user is not a member of the ooooo organization.

Looks like moving a repo into an organizatio is no longer possible if the 'direct owner' anishes although he / she granted access earlier
:-(

In addition I do not know how to change / transfer the 'direct ownership' and where someone can check who is 'direct owner' (Note: The first maintainer dsiplayed at wesite is NOT necessarily the direct owner as checked with adpater xxxx noted above.)

[ljharb]

I'm confused; packages do not HAVE any other level of permissions than "owner" - there's no such thing as anything between "owner" and "nothing".

[mcm1957]

I'm confused too - but thats the official reply. And documentation often notices 'maintainers'.
AND theres a guide to transfer OWNERship of an npm package

https://docs.npmjs.com/transferring-a-package-from-a-user-account-to-another-user-account

I've replied and asked

• how the direct owner can be changed
• how the direct owner can be evaluated / displayed

Well lets see where this is going to ...

P.S: I wonder if / when some 'official' or semi-official person reads this feedback area and responds,

[mcm1957]

Got reply ( personl infomation removed)

Deleting a package owner would not transfer ownership. The only way to transfer ownership of a package, would be via npm Support.

[ljharb]

That's very surprising since that's just not a concept that npm packages have literally ever had, there's no UI about it, and no announcement about that has ever been made.