npmrc authentication for a private scoped organisation package

Published on October 13, 2021

If you have to login to npm to multiple organisations it can be easier to use an .npmrc file that you move around rather than npm login command.

The npmrc file

The .npmrc file sits in the root of a project and allows to set specific settings for that project. Npm will use the first instance of a setting it finds starting in the local repository and moving to your home folder. This allows you to have specific settings for logging in to special package repositories.

First - do not commit the file!

Make sure you add .npmrc to your .gitignore file.

Do not check your npmrc with auth token into the source control.

Scoped authentication using an npmrc file

Different package repositories will have different credential methods but it is usually a token of some kind that is passed through a query string parameter. e.g. for npm it is authToken.

Here is an example if you wanted to log in to npm for most packages but you have your @myPrivateOrg packages in jfrog.

//registry.npmjs.org/:_authToken=YOUR_NPM_TOKEN_HERE

@myPrivateOrg:registry=https://myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/
//myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:_auth=YOUR_JFROG_TOKEN_HERE
//myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:always-auth = true
package-lock=true
email = my.email@thisemail.com

Note that the tokens are usually base64 encoded. I talk about how to do this on mac here: https://www.darraghoriordan.com/2021/02/07/set-jira-release-azure-devops-pipeline/

Darragh ORiordan

Hi! I'm Darragh ORiordan.

I live and work in Sydney, Australia enjoying the mountains and the ocean.

I build and support happy teams that create high quality software for the web.

Contact me on Twitter!


Sign up for the newsletter

Get new writings, curated tech articles and coding tips!

Read the Privacy Policy.