diff --git a/README.md b/README.md
index c1ae353..de3ed6e 100644
--- a/README.md
+++ b/README.md
@@ -40,6 +40,8 @@ You can configure some aspects of merge-release action by passing some environme
   * The path where the src package.json is found. Defaults to the root dir.
 * **NPM_REGISTRY_URL**
   * NPM Registry URL to use. defaults to: `https://registry.npmjs.org/`
+* **NPM_PRIVATE**
+  * If you wish privately publish your package please ensure you have set this to `true`
 
 `merge-release` will use `npm publish` unless you've defined a `publish` script in your `package.json`.
 
diff --git a/action.yaml b/action.yaml
index 78abd52..6392b97 100644
--- a/action.yaml
+++ b/action.yaml
@@ -13,6 +13,9 @@ inputs:
   NPM_AUTH_TOKEN:
     description: 'NPM_AUTH_TOKEN' 
     required: true
+  NPM_PRIVATE:
+    description: 'NPM_PRIVATE' 
+    required: false
   DEPLOY_DIR:
     description: 'DEPLOY_DIR' 
     required: false
diff --git a/src/merge-release-run.js b/src/merge-release-run.js
index 203fd9d..0b78de3 100644
--- a/src/merge-release-run.js
+++ b/src/merge-release-run.js
@@ -29,6 +29,10 @@ const srcPackageDir = path.join(process.cwd(), process.env.SRC_PACKAGE_DIR || '.
 console.log('            using deploy directory : ' + deployDir)
 console.log('using src directory (package.json) : ' + srcPackageDir)
 
+const access = process.env.NPM_PRIVATE==='true' ? 'restricted' : 'public'
+
+console.log('deploy to NPM with access : ' + access)
+  
 let pkg = require(path.join(deployDir, 'package.json'))
 
 const run = async () => {
@@ -88,7 +92,7 @@ const run = async () => {
   if (pkg.scripts && pkg.scripts.publish) {
     exec(`npm run publish`, deployDir)
   } else {
-    exec(`npm publish`, deployDir)
+    exec(`npm publish --access=${access}`, deployDir)
   }
   exec(`git checkout package.json`) // cleanup
   exec(`git tag ${newVersion}`)