How to use a private NPM repo in Azure Pipelines Deploy

If you have a private a npm library you need to authenticate to get the packages you need. Pipelines provides a specific task for this but you also need to take another step to get the package when installing on the host...

Using the npm authenticate pipelines task

To install a private package you have to authenticate with npm. Azure pipelines allows you to authenticate by adding a service connection for npm and then using the npm task to authenticate, specifying the name of the connection.

You can find this in "Project Settings > Pipelines > Service connections". Choose New Connection > Npm connection

Now you can reference this npm connection anywhere in the pipeline. In my experience you will have to initialize it once per stage.

I recommend using a read-only token for this. It's not good practice to use your username and password.

- task: npmAuthenticate@0
    inputs:
      workingFile: .npmrc
      customEndpoint: myPrivateNpmConnection
    displayName: "Authorise with private npm using root npmrc"

What does it do? It just writes an .npmrc file to the working directory. This is used by npm or yarn to authenticate and grab the private package.

Supporting install on a host machine

You might run npm install on a host machine. If you have a production dependency on a private repo you should copy the .npmrc to the your output artefact. You can do this with a pipeline script.

 - task: CopyFiles@2
   inputs:
     SourceFolder: "$(System.DefaultWorkingDirectory)/mycode/location"
     Contents: |
       package.json
       yarn.lock
       *npmrc*
       ecosystem.config.js
       src/*
     TargetFolder: "$(Build.ArtifactStagingDirectory)/myApplicationDeployArtifact"
   displayName: "Copy files required for deploying on host"

Now when you run npm install the host can also use the npmrc.