Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set _auth for a scoped registry in .npmrc?

I am wondering how to configure the .npmrc file so that I can have a default registry and a different scoped registry with authentication.

I am using Nexus for the private repository and I am not sure how to set authentication for the scoped registry, only the default registry.

For example my ~/.npmrc file is:

registry=https://registry.npmjs.org/ @test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/ [email protected] _auth="…" 

If I do npm publish for a package scoped to test-scope, I get an authentication error.

AFAIK, the _auth only applies to the registry=... section. Is there a way of specifying an auth key for the @test-scope:registry=... section?

Thanks,

like image 843
Willem van Ketwich Avatar asked Mar 21 '18 11:03

Willem van Ketwich


People also ask

What is _auth in Npmrc?

_auth. access. all. allow-same-version. audit.

How do I comment a line in Npmrc file?

Comments. Lines in . npmrc files are interpreted as comments when they begin with a ; or # character. . npmrc files are parsed by npm/ini, which specifies this comment syntax.

What does npm config set registry do?

In a standard install of npm, the registry is set to https://registry.npmjs.org/ . That is to say, this is the address that npm will download packages from when you run npm install <anything> . You can however change this value with the command npm set registry <new url> .

Where should we place .npmrc file?

npmrc Files Per-project config file: /path/to/my/project/. npmrc. Per-user config file: ~/. npmrc.


2 Answers

So, after some digging through the NPM source code, it turns out there is a way to do this.

My solution is below:

registry=https://registry.npmjs.org/ @test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/ //nexus:8081/nexus/content/repositories/npm-test/:username=admin //nexus:8081/nexus/content/repositories/npm-test/:_password=YWRtaW4xMjM= email=… 

Explanation:

The scope @test-scope specifies that packages with the scope should be published to a different registry than the default registry= when executing the npm publish command.

The two lines starting with //nexus:8081/... are used to specify the credentials to the scoped repository for both username and _password where _password is the base64 encoded password component from the previously used _auth credentials.

Using this approach, only scoped packages will be published and installed from the private registry and all other packages will be installed from the default registry.

Edit:

Additional to this, the password can be specified as an environment variable so that it is not stored in plaintext in the file.

For example:

registry=https://registry.npmjs.org/ @test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/ //nexus:8081/nexus/content/repositories/npm-test/:username=admin //nexus:8081/nexus/content/repositories/npm-test/:_password=${BASE64_PASSWORD} email=… 

Also, when using Nexus, the email= line must be specified.

like image 179
Willem van Ketwich Avatar answered Sep 23 '22 18:09

Willem van Ketwich


for some strange reason the _auth is called _authToken when used with scoped packages. If you are using this you don't have to store your plain text password in your .npmrc

registry=https://registry.npmjs.org/ @test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/  //nexus:8081/nexus/content/repositories/npm-test/:_authToken=... email=… 
like image 42
c0l3 Avatar answered Sep 24 '22 18:09

c0l3