Using npmrc authentication for a private scoped organisation package
When you have to login to npm for multiple organisations then it can be easier to use an
.npmrc file that you move around rather than
npm login command.
The npmrc file
The .npmrc file sits in the root of a project. The rc file allows you to set specific settings for that project.
Npm will use the first instance of a setting it finds starting in the local repository and moving to your home folder. This allows you to have specific settings for logging in to special package repositories.
First — do not commit this file!
Make sure you add .npmrc to your .gitignore file. It contains a secret token.
Do not check your npmrc with auth token into the source control.
Scoped authentication using an npmrc file
Different package repositories will have different credential methods but it is usually a token of some kind that is passed through a query string parameter. e.g. for npm it is
Here is an example on an npmrc if you wanted to log in to npm for most of the packages, but you have your
@myPrivateOrg packages in jfrog.
//registry.npmjs.org/:_authToken=YOUR_NPM_TOKEN_HERE @myPrivateOrg:registry=https://myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/ //myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:_auth=YOUR_JFROG_TOKEN_HERE //myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:always-auth = true package-lock=true email = firstname.lastname@example.org
Note that the tokens are usually base64 encoded. I talk about how to do this on mac here: https://www.darraghoriordan.com/2021/02/07/set-jira-release-azure-devops-pipeline/
Hope that helps! You can contact me on Twitter!
Originally published at https://www.darraghoriordan.com.