You mean host a private registry and then grant the other company access? Or are you saying there’s a way to bundle up a registry and the associated package code?
I agree that hosting a private registry and then just limiting access would be ideal, but I think my company is going to force me to distribute the packages as a zipped up bundle.