DEV Community

Darragh O'Riordan
Darragh O'Riordan

Posted on • Originally published at darraghoriordan.com on

npmrc authentication for a private scoped organisation package

If you have to login to npm to multiple organisations it can be easier to use an .npmrc file that you move around rather than npm login command.

The npmrc file

The .npmrc file sits in the root of a project and allows to set specific settings for that project. Npm will use the first instance of a setting it finds starting in the local repository and moving to your home folder. This allows you to have specific settings for logging in to special package repositories.

First - do not commit the file!

Make sure you add .npmrc to your .gitignore file.

Do not check your npmrc with auth token into the source control.

Scoped authentication using an npmrc file

Different package repositories will have different credential methods but it is usually a token of some kind that is passed through a query string parameter. e.g. for npm it is authToken.

Here is an example if you wanted to log in to npm for most packages but you have your @myPrivateOrg packages in jfrog.

//registry.npmjs.org/:_authToken=YOUR_NPM_TOKEN_HERE

@myPrivateOrg:registry=https://myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/
//myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:_auth=YOUR_JFROG_TOKEN_HERE
//myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:always-auth = true
package-lock=true
email = my.email@thisemail.com
Enter fullscreen mode Exit fullscreen mode

Note that the tokens are usually base64 encoded. I talk about how to do this on mac here: https://www.darraghoriordan.com/2021/02/07/set-jira-release-azure-devops-pipeline/

Discussion (0)