If you have a private a npm library you need to authenticate to get the packages you need. Pipelines provides a specific task for this but you also need to take another step to get the package when installing on the host…
Using the npm authenticate pipelines task
To install a private package you have to authenticate with npm. Azure pipelines allows you to authenticate by adding a service connection for npm and then using the npm task to authenticate, specifying the name of the connection.
You can find this in “Project Settings > Pipelines > Service connections”. Choose New Connection > Npm connection
Now you can reference this npm connection anywhere in the pipeline. In my experience you will have to initialize it once per stage.
I recommend using a read-only token for this. It’s not good practice to use your username and password.
- task: npmAuthenticate@0 inputs: workingFile: .npmrc customEndpoint: myPrivateNpmConnection displayName: "Authorise with private npm using root npmrc"
What does it do? It just writes an
.npmrc file to the working directory. This is used by npm or yarn to authenticate and grab the private package.
Supporting install on a host machine
You might run
npm install on a host machine. If you have a production dependency on a private repo you should copy the .npmrc to the your output artefact. You can do this with a pipeline script.
- task: CopyFiles@2 inputs: SourceFolder: "$(System.DefaultWorkingDirectory)/mycode/location" Contents: | package.json yarn.lock *npmrc* ecosystem.config.js src/* TargetFolder: "$(Build.ArtifactStagingDirectory)/myApplicationDeployArtifact" displayName: "Copy files required for deploying on host"
Now when you run
npm install the host can also use the npmrc.