The purpose of this effort is to be able to test whether a package version exists in a private registry, without having to touch the filesystem / config files. For packages in public registries this is perfectly straightforward: npm view lpad@2.0.1 produces some information about that published version, but (as of this writing) npm view lpad@201.0.0 does not have any information or output. I'm using this to infer the existence of packages.
I can also pass a private registry URL to npm view <packagename>, as in npm view <packagename> --registry https://private.registry/path/. This seems to hit the private registry even though it isn't explicitly mentioned in the npm-view documentation (but it's described in the npm-search documentation, so I take this to mean it's a documented API feature).
To be able to talk to private registries at all, I can use an authentication token in the query according to these npm instructions for doing it in a CI/CD workflow: put it into the .npmrc file like this:
//your_registry/:_authToken 12345
Or more securely, //your_registry/:_authToken $TOKEN and set the TOKEN environment variable to 12345 elsewhere.
What I can't figure out how to do is use npm view against a private npm registry, without writing to the .npmrc file.
I plan to be running several queries in parallel from the same machine, so to avoid race conditions in the .npmrc file, I'd rather pass the authentication directly in each command. I assume that with an auth token, this is just a simple curl command but I haven't had much luck finding information on how the NPM API works. (The npm-registry-client doesn't appear to do anything related to view/find; it has access which sets an access level).
Am I missing something blindingly obvious? Where can I find a guide on the request format for view and/or search functions of an NPM registry? What is the curl command that includes sending the auth token, package name, and version and receives some indication of whether it exists?
