If you are using deployment servers or testing with Continuous Intergration servers, you'll need a way to download your private packages to those servers. These are the steps:
One of the things that has changed in npm is that we now use auth tokens to authenticate in the CLI. To generate an auth token, use npm token create
.
$ npm token create npm password: ┌────────────────┬──────────────────────────────────────┐ │ token │ d97a6e1f-cb87-0000-94e0-e06fe03c8a5c │ ├────────────────┼──────────────────────────────────────┤ │ cidr_whitelist │ │ ├────────────────┼──────────────────────────────────────┤ │ readonly │ false │ ├────────────────┼──────────────────────────────────────┤ │ created │ 2018-03-14T21:57:25.427Z │ └────────────────┴──────────────────────────────────────┘
There are several settings that you can use in the new token. Please see this doc for details.
Set up a custom .npmrc
file in your project folder. Use this to authenticate the CI or deployment server with npm.
To make this more secure when pushing it up to the server, you can set this token as an environment variable on the server.
You will also need to add this to your environment variables on your development machine. In OSX or Linux, you would add this line to your ~/.profile
:
export NPM_TOKEN="00000000-0000-0000-0000-000000000000"
and then refresh your environment variables:
source ~/.profile
.npmrc
Then you can check in the .npmrc
file, replacing your token with the environment variable.
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
The token is not derived from your password, but changing your password will invalidate all tokens. The token will be valid until the password is changed. You can also invalidate a single token by logging out on a machine that is logged in with that token.
`npm token revoke' is a better choice. For instructions, see.
© npm, Inc. and Contributors
Licensed under the npm License.
npm is a trademark of npm, Inc.
https://docs.npmjs.com/private-modules/ci-server-config