npmrc authentication for a private scoped organisation package

Published on October 13, 2021

Tagged: #nodejs

Follow me on twitter for more posts like this

When you have to login to npm for multiple organisations it can be easier to use an .npmrc file that you move around rather than npm login command.

The npmrc file

The .npmrc file sits in the root of a project. The rc file allows you to set specific settings for that project.

Npm will use the first instance of a setting it finds starting in the local repository and moving to your home folder. This allows you to have specific settings for logging in to special package repositories.

First - do not commit the file!

Make sure you add .npmrc to your .gitignore file. It contains a secret token.

Do not check your npmrc with auth token into the source control.

Scoped authentication using an npmrc file

Different package repositories will have different credential methods but it is usually a token of some kind that is passed through a query string parameter. e.g. for npm it is authToken.

Here is an example on an npmrc if you wanted to log in to npm for most of the packages, but you have your @myPrivateOrg packages in jfrog.

//registry.npmjs.org/:_authToken=YOUR_NPM_TOKEN_HERE

@myPrivateOrg:registry=https://myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/
//myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:_auth=YOUR_JFROG_TOKEN_HERE
//myPrivateOrg.jfrog.io/artifactory/api/npm/node-packages/:always-auth = true
package-lock=true
email = my.email@thisemail.com

Note that the tokens are usually base64 encoded. I talk about how to do this on mac here: https://www.darraghoriordan.com/2021/02/07/set-jira-release-azure-devops-pipeline/

Hope that helps!

Darragh ORiordan

Hi! I'm Darragh ORiordan.

I live and work in Sydney, Australia building supporting happy teams that create high quality software for the web.

I also make tools for busy developers! Do you have a new M1 Mac to setup? Have you ever spent a week getting your dev environment just right?

My DevShell tooling will save you 30+ hours configuring your dev environment with all the best modern tools. Get it here

https://darraghoriordan.gumroad.com/l/devshell


Read more articles like this one...

List of article summaries

#nodejs

Running a NodeJS app with Postgres in Dokku

I have some side projects that don’t see much traffic so I run them on a 5$ digital ocean droplet running Dokku.

Dokku is an open source Heroku-like platform. It’s super easy to create and maintain multiple applications on a Dokku instance. It’s perfect for solo makers.

There are plugins for most of the common services you might want like PostgreSQL or Redis.

Here’s what we’re going to do

  1. A Brief overview of Dokku
  2. How to get a Dokku instance running
  3. Create a new Dokku application
  4. Add a database service
  5. Expose the database for debugging and testing (Optional)
  6. Add a domain to the application
  7. Add any configuration variables for your application
  8. Add SSL to the application
  9. Add the Dokku remote to your application
  10. Push your application to Dokku
  11. Maintaining your Dokku server
#nodejs

Semantic versioning javascript projects but skipping NPM publish

If you want to use semantic versioning and automate release versions using semantic-release for your front-end client application you probably don’t want to actually publish it to npm.

Here is how to use semantic-release while not releasing to npm.

#nodejs

Avoid these issues when using new ECMAScript modules in your Node.js application

ECMAScript modules are the official standard format to package JavaScript code for reuse in the future. Es6 modules now have full support in Node.js 12 and above so it’s time to start using them.

JavaScript developers and node libraries have typically used commonjs for modules up to now. If you’ve used typescript in the past few years you will be familiar with the module import syntax in you application. Instead of commonjs require("module") most typescript applications use some variation of import module from "module".

Typescript will then transpile this import syntax into commonjs require statements for you. This step is not necessary in modern Node.js applications. You can just use import module from "module" directly in your transpiled code.

If you use typescript you can change just change your tsconfig settings to output ECMAScript es6 modules and you will be good to go. If you don’t use typescript you might have to do some rewriting if you want to get your app updated.

Here are solutions to the issues that took me a bit of time and investigation to figure out when I was upgrading my Node.js application to use ECMAScript modules like configuring typescript, setting up jest, configuring the package.json correctly and more.