NPM packages in private NPM registries can be accessed via NPM_TOKEN authentication in CI/CD jobs. Here’s the official guide on how to do it.
And I also want to make a digest note on that.
In Short
Assuming your conditions are like below:
- Scope:
@my-scope - Registry:
https://registry.example.com - NPM Token:
7151942c-7451-11ec-90d6-0242ac120003
Here what you do in your CI/CD script:
1 | echo "@my-scope:registry=https://registry.example.com" >> ~/.npmrc |
After it’s done, ~/.npmrc file in your CI/CD container should be something like this:
1 | @my-scope:registry=https//registry.example.com/ |
Explanation
Scope Private Packages
Scopes are a way of grouping related packages together.
Assigning a registry url to a scope in .npmrc file can tell package managers to look for packages in the scope from the specified registry.
1 | echo "@<SCOPE>:registry=<NPM_REGISTRY_URL>" >> ~/.npmrc |
Registry Authentication
We can set up authentication for multiple specified registries in .npmrc file.
1 | echo "//<NPM_REGISTRY_URL_WITHOUT_TRANSPORT_PROTOCOL>/:_authToken=${NPM_TOKEN}" >> ~/.npmrc |
- Please replace NPM_REGISTRY_URL_WITHOUT_TRANSPORT_PROTOCOL with something like
registry.example.com,DO NOTprefix it withhttp://orhttps://. - In CI/CD jobs,
${NPM_TOKEN}should be passed as an environment variable.
Generating a NPM Access Token
Different registries can have different ways of generating authentication tokens, the common way is to use npm login command.
1 | npm login --registry=<NPM_REGISTRY_URL> |
Once it’s done, open the ~/.npmrc file to find the _authToken value.
1 | cat ~/.npmrc |
