How to use a private NPM repo in Azure Pipelines Deploy

Published on July 13, 2020

If you have a private a npm library you need to authenticate to get the packages you need. Pipelines provides a specific task for this but you also need to take another step to get the package when installing on the host…

Using the npm authenticate pipelines task

To install a private package you have to authenticate with npm. Azure pipelines allows you to authenticate by adding a service connection for npm and then using the npm task to authenticate, specifying the name of the connection.

You can find this in “Project Settings > Pipelines > Service connections”. Choose New Connection > Npm connection

Showing form fields for new npm connection
Showing form fields for new npm connection

Now you can reference this npm connection anywhere in the pipeline. In my experience you will have to initialize it once per stage.

I recommend using a read-only token for this. It’s not good practice to use your username and password.

- task: npmAuthenticate@0
      workingFile: .npmrc
      customEndpoint: myPrivateNpmConnection
    displayName: "Authorise with private npm using root npmrc"

What does it do? It just writes an .npmrc file to the working directory. This is used by npm or yarn to authenticate and grab the private package.

Supporting install on a host machine

You might run npm install on a host machine. If you have a production dependency on a private repo you should copy the .npmrc to the your output artefact. You can do this with a pipeline script.

 - task: CopyFiles@2
     SourceFolder: "$(System.DefaultWorkingDirectory)/mycode/location"
     Contents: |
     TargetFolder: "$(Build.ArtifactStagingDirectory)/myApplicationDeployArtifact"
   displayName: "Copy files required for deploying on host"

Now when you run npm install the host can also use the npmrc.

Darragh ORiordan

Hi! I'm Darragh ORiordan.

I live and work in Sydney, Australia building and supporting happy teams that create high quality software for the web.

I also make tools for busy developers! Do you have a new M1 Mac to setup? Have you ever spent a week getting your dev environment just right?

My Universal DevShell tooling will save you 30+ hours of configuring your Windows or Mac dev environment with all the best, modern shell and dev tools.

Get DevShell here: ✨

Read more articles like this one...

List of article summaries


Extract user profile attributes from an Azure ADB2C tenant using the Microsoft Graph API

I had to retrieve a list of users from an Azure Active Directory B2C instance today. I thought I could just go through the Azure UI but that’s limited to short pages of data and limited attributes.

There is a CSV export provided on the UI but you won’t get the required identity objects in the csv output if you need a user’s signin email address.

I had to use the Microsoft Graph Api to get what I needed. This is a bit hacky but it does the trick!


Force restart your Azure App service site and host

Sometimes your Azure App service host will need to be restarted. You can do this but it’s hidden away in the Azure resource manager site. Here’s how to find it!


Scheduling a feature toggle using no-code with Azure Logic Apps

I use launch darkly to toggle features on an app. There is one third-party dependency that has regular scheduled maintenance and I need to toggle the feature on and off on schedule.

Launch Darkly has built in scheduling to handle this scenario but you have to be on the enterprise plan to use it. The enterprise plan is too expensive to upgrade to for scheduling alone so I needed to find a different way to automate this.


Avoid rebuild of React App in every CI stage

If you have a react app you can use env vars like REACT_APP_MY_ENV_VAR in your application and React will automatically pull them in to your app when you build the production application.

This is very useful but if you have variables that change for each environment and your application build takes a long time, you might want to avoid building unnecessarily in CI. For example you might have a QA environment and a Staging environment that have different configuration.

We type-check our code on each build and that was taking 5 minutes+ to build each environment so we had to make it faster. We changed our app from using REACT_APP env vars to using a configuration file that we could quickly write to using CI.

Our CI system is Azure DevOops so the CI scripts here are specifically for Azure DevOps but they apply to most CI systems with small changes.

The real work happens in a Node.js script that would work anywhere.