How to set _auth for a scoped registry in .npmrc?

Question

I am wondering how to configure the .npmrc file so that I can have a default registry and a different scoped registry with authentication.

I am using Nexus for the private repository and I am not sure how to set authentication for the scoped registry, only the default registry.

For example my ~/.npmrc file is:

registry=https://registry.npmjs.org/
@test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
email=test@user.com
_auth="…"

If I do npm publish for a package scoped to test-scope, I get an authentication error.

AFAIK, the _auth only applies to the registry=... section. Is there a way of specifying an auth key for the @test-scope:registry=... section?

Thanks,

if I understood your scenario correctly, you are asking for setting two different auth for your `npm-private` registry and `npm-open` registry individually. — Suhas Gavad, Mar 21 '18 at 11:24
not necessarily `npm-open`, just `npm-private` at this stage, although it would be interesting to know how they can both have auth. (I do realise the example has an `_auth` key) — Willem van Ketwich, Mar 21 '18 at 11:30
I don't think there's a way to do this because I think the assumption is you'll be using the same username/password for your registry as your scoped registry. Is there a reason you do not proxy npmjs.org through NXRM? If so, I think you could use the same user/auth and it'd work. That's the expected use case. — joedragons, Mar 21 '18 at 21:51
We had some issues with TTL and different versions of the same package using the Nexus proxy so were looking at this as an alternative. — Willem van Ketwich, Mar 22 '18 at 10:15
@joedragons FYI - it turns out this is possible. See my answer below. — Willem van Ketwich, Mar 25 '18 at 06:12

Willem van Ketwich · Accepted Answer · 2018-11-06T06:03:31.087

So, after some digging through the NPM source code, it turns out there is a way to do this.

My solution is below:

registry=https://registry.npmjs.org/
@test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
//nexus:8081/nexus/content/repositories/npm-test/:username=admin
//nexus:8081/nexus/content/repositories/npm-test/:_password=YWRtaW4xMjM=
email=…

Explanation:

The scope @test-scope specifies that packages with the scope should be published to a different registry than the default registry= when executing the npm publish command.

The two lines starting with //nexus:8081/... are used to specify the credentials to the scoped repository for both username and _password where _password is the base64 encoded password component from the previously used _auth credentials.

Using this approach, only scoped packages will be published and installed from the private registry and all other packages will be installed from the default registry.

Edit:

Additional to this, the password can be specified as an environment variable so that it is not stored in plaintext in the file.

For example:

registry=https://registry.npmjs.org/
@test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
//nexus:8081/nexus/content/repositories/npm-test/:username=admin
//nexus:8081/nexus/content/repositories/npm-test/:_password=${BASE64_PASSWORD}
email=…

Also, when using Nexus, the email= line must be specified.

see my answer for the standard way without storing plan test passsord — c0l3, Jan 28 '19 at 10:27
[Microsoft docs](https://learn.microsoft.com/en-us/azure/devops/artifacts/npm/scopes?view=azure-devops&tabs=windows) clearly states to `append` not `prepend` the scope. Thankfully I found your answer — Jnr, Sep 26 '19 at 12:30
Finally something that helped get me over the line with Gitlab CICD when paired with Nexus! In my `.gitlab-ci.yml` file I set `npm config set 'nexusUrlHere/repository/npm-group/:_auth' "${NEXUS_TOKEN}"`, then I set NEXUS_TOKEN as a secret in Gitlab and then away we go :) — Phil D., Jun 17 '20 at 04:59

score 18 · Answer 2 · answered Jul 16 '18 at 14:33

for some strange reason the _auth is called _authToken when used with scoped packages. If you are using this you don't have to store your plain text password in your .npmrc

registry=https://registry.npmjs.org/
@test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/ 
//nexus:8081/nexus/content/repositories/npm-test/:_authToken=...
email=…

score 5 · Answer 3 · answered Sep 16 '20 at 14:29

Run the following command, replacing @company-scope with the scope, and company-registry with the name of your company’s npm Enterprise registry:

npm login --scope=@company-scope --registry=https://registry.company-registry.npme.io/

This information is available on the npm documention.

How to set _auth for a scoped registry in .npmrc?

3 Answers3

Linked