I want to publish a private npm package with Gitlab CI.
I've created an auth token for my npm user and set it as a variable NPM_TOKEN
in my Gitlab CI settings.
The job then creates an .npmrc
file with the registry and the auth token.
- npm run build && npm run build:es6
- echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}'>.npmrc
- npm publish
The job fails with this message:
npm ERR! code ENEEDAUTH
npm ERR! need auth auth required for publishing
npm ERR! need auth You need to authorize this machine using `npm adduser`
Is it possible to publish with only an auth token?
A private repository will be published as a private npm package. Perhaps the first step in making your package private is to make your package's repository private. To make your Github repository private, click on the Settings tab, scroll to the bottom and then click on Change repository visibility.
To elaborate slightly on @phihag's answer, forward slashes are very important.
At first I kept getting 404 not found
$ npm publish
...
...
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://gitlab.company.com/api/v4/packages/npm/%2fmypackage - 404 Not Found
npm ERR! 404
npm ERR! 404 '@scope/[email protected]' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
I am using 2FA so as the gitlab docs state, I need to use a personal access token set to api
to authenticate. In another part of the gitlab docs it states
Some features such as publishing a package is only available on the project-level endpoint.
So in console I tried to publish to and authenticate at the project level
$ npm config set @scope:registry https://gitlab.company.com/api/v4/projects/123/packages/npm
$ npm config set //gitlab.company.com/api/v4/projects/123/packages/npm:_authToken 'MyGeneratedAccessToken'
Which eliminated my first issue of 404 not found, but now I couldn't authenticate. For hours.
$ npm publish --verbose
npm verb cli [ '/usr/local/bin/node', '/usr/local/bin/npm', 'publish', '--verbose' ]
npm info using [email protected]
npm info using [email protected]
...
...
npm verb publish [ '.' ]
npm notice
npm notice 📦 @scope/[email protected]
npm notice === Tarball Contents ===
npm notice 214B README.md
npm notice 1.1kB package.json
npm notice === Tarball Details ===
npm notice name: @scope/mypackage
npm notice version: 0.1.0
npm notice filename: @scope/mypackage-0.1.0.tgz
npm notice package size: 764 B
npm notice unpacked size: 1.3 kB
npm notice shasum: c22a42756de43e282da01f33c7d5da4940c7d1d7
npm notice integrity: sha512-l/P2cr52Lle7h[...]isu3rDME3lYuQ==
npm notice total files: 2
npm notice
npm verb stack Error: This command requires you to be logged in.
npm verb stack at Publish.publish (/usr/local/lib/node_modules/npm/lib/publish.js:104:29)
npm verb cwd /home/user/Workspace/mypackage
npm verb Linux 5.8.0-43-generic
npm verb argv "/usr/local/bin/node" "/usr/local/bin/npm" "publish" "--verbose"
npm verb node v15.11.0
npm verb npm v7.11.2
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm verb exit 1
npm timing npm Completed in 352ms
npm verb code 1
npm ERR! A complete log of this run can be found in:
npm ERR! /home/user/.npm/_logs/2021-05-12T11_23_19_273Z-debug.log
As you can see, npm publish --verbose
isn't being helpful in telling me the URL i'm trying to publish to. Checking the documentation again showed I was missing the trailing slashes after 'packages/npm'.
With the trailing slashes, I was able to publish to the gitlab npm package repository for that project
$ npm config set @scope:registry https://gitlab.company.com/api/v4/projects/123/packages/npm/
$ npm config set //gitlab.company.com/api/v4/projects/123/packages/npm/:_authToken 'MyGeneratedAccessToken'
And for all packages I use
$ npm config set @scope:registry https://gitlab.company.com/api/v4/packages/npm/
$ npm config set //gitlab.company.com/api/v4/packages/npm/:_authToken 'MyGeneratedAccessToken'
As @Amityo said, rather than manually editing the npmrc file,
npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
is the way to go, because otherwise you may be editing the wrong npmrc file.
If you are still getting an authentication error, and are certain that the token is correct, check your registry URL. You can run
npm publish --verbose
whose output will includes lines like
npm verb getPublishConfig { registry: 'https://.......' }
npm verb mapToRegistry no registry URL found in name for scope @boxine
npm verb publish registryBase https://.......
If you are publishing to npmjs.org, the URL (.......
above) should be https://registry.npmjs.org/ .
If this registry URL does not fit, look in your npmrc file for a different one. Also make sure you didn't override the registry in your package.json
file! You can search for publishConfig
in that file.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With