npm gets its config settings from the command line, environment variables, and npmrc
files.
The npm config
command can be used to update and edit the contents of the user and global npmrc files.
For a list of available configuration options, see config.
The four relevant files are:
All npm config files are an ini-formatted list of key = value
parameters. Environment variables can be replaced using ${VARIABLE_NAME}
. For example:
prefix = ${HOME}/.npm-packages
Each of these files is loaded, and config options are resolved in priority order. For example, a setting in the userconfig file would override the setting in the globalconfig file.
Array values are specified by adding "[]" after the key name. For example:
key[] = "first value" key[] = "second value"
Lines in .npmrc
files are interpreted as comments when they begin with a ;
or #
character. .npmrc
files are parsed by npm/ini, which specifies this comment syntax.
For example:
# last modified: 01 Jan 2016 ; Set a new registry for a scoped package @myscope:registry=https://mycustomregistry.example.org
When working locally in a project, a .npmrc
file in the root of the project (ie, a sibling of node_modules
and package.json
) will set config values specific to this project.
Note that this only applies to the root of the project that you're running npm in. It has no effect when your module is published. For example, you can't publish a module that forces itself to install globally, or in a different location.
Additionally, this file is not read in global mode, such as when running npm install -g
.
$HOME/.npmrc
(or the userconfig
param, if set in the environment or on the command line)
$PREFIX/etc/npmrc
(or the globalconfig
param, if set above): This file is an ini-file formatted list of key = value
parameters. Environment variables can be replaced as above.
path/to/npm/itself/npmrc
This is an unchangeable "builtin" configuration file that npm keeps consistent across updates. Set fields in here using the ./configure
script that comes with npm. This is primarily for distribution maintainers to override default configs in a standard and consistent manner.
The settings _auth
, _authToken
, username
and _password
must all be scoped to a specific registry. This ensures that npm
will never send credentials to the wrong host.
In order to scope these values, they must be prefixed by a URI fragment. If the credential is meant for any request to a registry on a single host, the scope may look like //registry.npmjs.org/:
. If it must be scoped to a specific path on the host that path may also be provided, such as //my-custom-registry.org/unique/path:
.
; bad config _authToken=MYTOKEN ; good config @myorg:registry=https://somewhere-else.com/myorg @another:registry=https://somewhere-else.com/another //registry.npmjs.org/:_authToken=MYTOKEN ; would apply to both @myorg and @another ; //somewhere-else.com/:_authToken=MYTOKEN ; would apply only to @myorg //somewhere-else.com/myorg/:_authToken=MYTOKEN1 ; would apply only to @another //somewhere-else.com/another/:_authToken=MYTOKEN2
© npm, Inc. and Contributors
Licensed under the npm License.
npm is a trademark of npm, Inc.
https://docs.npmjs.com/cli/v8/configuring-npm/npmrc