You can use authentication tokens to test private npm packages with continuous integration (CI) servers, or deploy them to continuous deployment (CD) servers.
Create a new authentication token that will be used only to access npm packages from a CI/CD server.
npm token create will generate a token with both read and write permissions. When generating a token for use in a continuous integration environment, we recommend creating a read-only token:
npm token create --read-only
For more information on creating authentication tokens, including CIDR-whitelisted tokens, see “Creating an authentication token”.
Since continuous deployment environments usually involve the creation of a deploy artifact, the token likely will need read and write permissions, which are granted with the standard token creation command:
npm token create
npm token create --cidr=[list] npm token create --read-only --cidr=[list]Example:
npm token create --cidr=192.0.2.0/24For more information, see "Creating and viewing authentication tokens".
Set your token as an environment variable on the CI/CD server and your development machine. In OSX or Linux, add this line to your
~/.profile, replacing the example token with your own:
and then refresh your environment variables:
Use a project-specific
.npmrc file with a variable for your token to securely authenticate your CI/CD server with npm.
.npmrcfile with the following contents: