Don't allow NPM to access private methods

[ChrisHuie]

Using Prebid as a dependency allows access to private methods such as gdprDataHandler in this case #9333 (comment). Proposal to no longer allow this behavior in Prebid 8. Still reviewing the bandwidth that would be needed for this issue.

[patmmccann]

perhaps cut for time ? tbd, to discuss with pubs?

[patmmccann]

@JulieLorin @khatibda @muuki88 do you have projects that import prebid as an npm? can you provide any feedback here?

[muuki88]

We use Prebid as an NPM dependency and only use the processQueue() ( or something like that ) to init Prebid.

All other access happens through public APIs.

[JulieLorin]

We use Prebid as an NPM dependency, but we are using more than just the processQueue function.
We have a few customizations (for handling consent for example as mentionned in #9333 (comment)
We are using the registerBidder ourselves to be able to add custom bidders (that would need to use functions/code from our codebase) for example. (though it seems this function is also available though the API so it may be irrelevant here)
For rendering, as we are not using prebid universal creative, we use auctionManager to inform prebid of a bid won and emit an event.

I think allowing prebid to be used as a library is useful to be able to use only some parts of prebid.js but not all of them (for example, being able to manage instream without needing a prebid-cache compatible endpoint).
This can sometimes also helps with fixing bugs before a fix is released in prebid.
I think it is very much acceptable to allow it "at your own risks" only, but making it impossible doesn't seem required to me.

[olafbuitelaar]

we're also using the registerBidder, in fact it would be nice it was a public method, like; pbjs.registerBidder . We also use other internal functions like; filters from prebid.js/src/targeting or createBid from prebid.js/src/bidfactory