set-npm-auth-token-for-ci
Set authentication token placeholder into
.npmrcfile for use in automated CI processes.
When you need to authenticate with a package registry using the npm or yarn package manager, and you are authenticating with that registry from within a Continuous Integration environment, you are strongly encouraged to use an authentication token placeholder.
For example, your package may have an .npmrc file that configures a private registry:
//registry.example.com/To authenticate you could set an authentication token in the .npmrc file:
//_authToken=SECRETNow every request to registry.example.com/ that must be authenticated will receive the SECRET token.
However, you don't want to commit your authentication token to your source repository where other people will have access to the token.
Instead, you want to inject your token into your Continuous Integration environment using an environment variable, and then configure npm and yarn to get the authentication token from the environment.
That's where set-npm-auth-token-for-ci helps. set-npm-auth-token-for-ci gets the registry used by the current package and writes an authentication token placeholder to the correct .npmrc file.
If there's an .npmrc file located within the current directory, and that directory contains an package.json file, then set-npm-auth-token-for-ci will write the authentication token placeholder into that .npmrc file. Otherwise the authentication token placeholder will be written into the .npmrc file located at the root of the user's home directory.
The placeholder is of the form: [REGISTRY]/:_authToken=${NPM_TOKEN}
For example, if the package is configured to use the our example npm registry, the placeholder will be: //registry.example.com/:_authToken=${NPM_TOKEN}
When npm or yarn need to authenticate, they retrieve the value assigned to _authToken, which is ${NPM_TOKEN}, and then replace ${NPM_TOKEN} with the value of the NPM_TOKEN environment variable.
Table of Contents
Installation
To install the set-npm-auth-token-for-ci tool for use in your project please run the following command:
yarn add [--dev] set-npm-auth-token-for-ciUsage
Import the package into your project:
const setNpmAuthTokenForCI = ;To write the authentication token placeholder, invoke the imported function:
;If an issue is encountered while writing to the .npmrc file, an exception will be thrown. Consider wrapping setNpmAuthTokenForCI in a try/catch.
try ; catch error /* Handle the error. */Debugging
To assist users of set-npm-auth-token-for-ci with debugging the behavior of this module we use the debug utility package to print information to the console. To enable debug message printing, the environment variable DEBUG, which is the variable used by the debug package, must be set to a value configured by the package containing the debug messages to be printed.
To print debug messages on a unix system set the environment variable DEBUG with the name of this package prior to executing a tool that invokes this module:
DEBUG=set-npm-auth-token-for-ci [CONSUMING TOOL]On the Windows command line you may do:
set DEBUG=set-npm-auth-token-for-ci[CONSUMING TOOL]Node Support Policy
We only support Long-Term Support versions of Node.
We specifically limit our support to LTS versions of Node, not because this package won't work on other versions, but because we have a limited amount of time, and supporting LTS offers the greatest return on that investment.
It's possible this package will work correctly on newer versions of Node. It may even be possible to use this package on older versions of Node, though that's more unlikely as we'll make every effort to take advantage of features available in the oldest LTS version we support.
As each Node LTS version reaches its end-of-life we will remove that version from the node engines property of our package's package.json file. Removing a Node version is considered a breaking change and will entail the publishing of a new major version of this package. We will not accept any requests to support an end-of-life version of Node. Any merge requests or issues supporting an end-of-life version of Node will be closed.
We will accept code that allows this package to run on newer, non-LTS, versions of Node. Furthermore, we will attempt to ensure our own changes work on the latest version of Node. To help in that commitment, our continuous integration setup runs against all LTS versions of Node in addition the most recent Node release; called current.
JavaScript package managers should allow you to install this package with any version of Node, with, at most, a warning if your version of Node does not fall within the range specified by our node engines property. If you encounter issues installing this package, please report the issue to your package manager.
Contributing
Please read our contributing guide to see how you may contribute to this project.