npmrc authentication for a private scoped organisation package

taylor-vick-M5tzZtFCOfs-unsplash

When you have to login to npm for multiple organisations it can be easier to use an .npmrc file that you move around rather than npm login command.

The npmrc file

The .npmrc file sits in the root of a project. The rc file allows you to set specific settings for that project.

Npm will use the first instance of a setting it finds starting in the local repository and moving to your home folder. This allows you to have specific settings for logging in to special package repositories.

First - do not commit the file!

Make sure you add .npmrc to your .gitignore file. It contains a secret token.

Do not check your npmrc with auth token into the source control.

Scoped authentication using an npmrc file

Different package repositories will have different credential methods but it is usually a token of some kind that is passed through a query string parameter. e.g. for npm it is authToken.

Here is an example on an npmrc if you wanted to log in to npm for most of the packages, but you have your @myPrivateOrg packages in jfrog.

//registry.npmjs.org/:_authToken=YOUR_NPM_TOKEN_HERE

@myPrivateOrg:registry=https://myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/
//myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:_auth=YOUR_JFROG_TOKEN_HERE
//myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:always-auth = true
package-lock=true
email = [email protected]

Note that the tokens are usually base64 encoded. I talk about how to do this on mac here: /2021/02/07/set-jira-release-azure-devops-pipeline/

Hope that helps!