How can I configure the auth parameter when using lerna publish? - npm

I have an .npmrc set up to publish to a private registry, but I do not want to check in auth credentials. How do I provide the _auth config when running lerna publish?
Unfortunately lerna publish does not accept the _auth flag: https://github.com/lerna/lerna/tree/master/commands/publish#options

I found out you can set npm config parameters using environment variables, so this does the trick:
npm_config__auth=AUTH npx lerna publish # yes, double underscore

This recent PR was made to lerna which exposes the _auth config through the --legacy-auth flag.
https://github.com/lerna/lerna/pull/2347/files
Usage is as follows: lerna publish --legacy-auth aGk6bW9t
This should be available in the next lerna release >3.19.0. It has not yet been released at time of writing.

Related

How do I publish a package to npm using an API key?

NPM gives the ability to create access tokens with the right to publish packages to the NPM registry, assuming that you've set the package settings to "Require two-factor authentication or automation tokens" in "Publishing access" (and so implicitly it requires 2FA to be enabled, I assume).
How do I use this token to publish? I've checked the output of npm publish -- it asks for an OTP code, either as a prompt or a flag, and before I enabled 2FA it asked me for my password again. Using a fixed token would be easier than having to pull up my authenticator app. I could disable 2FA, but getting the token working is preferable.
For verdaccio or similar you can use this:
> npm config set registry http://verdaccio/npm/
# then create and update local .npmrc file:
> npm config set _authToken=%YOUR_ACCES_TOKEN%
# and publish pointing to your registry
> npm publish --registry http://verdaccio/npm/
For proget:
[~]$ npm config set registry http://proget/npm/private-npm
[~]$ npm config set always-auth true
[~]$ npm config set _auth {ENCODEDAPIKEY}
[~]$ npm config set email {email address}
# then as usual
[~]$npm publish --registry {YOUR_REGISTRY}
Instructions are here proget and here verdaccio
The npm registry has 3 different kinds of token: Read-only, Automation, and Publish.
It sounds like you created a Publish token. You need to create an Automation token instead, since this is the only one that bypasses 2FA.

How to nicely include a private NPM dependency in a lerna workspace project?

To preface, the project is using lerna with yarn workspaces and we are pulling in an internal NPM package from our private npm registry (not hosted with npm).
I currently understand how .yarnrc and .npmrc files can authenticate to private registries but our current project has settings already changed in these files. A developer could add credentials in these files but then they cannot commit the file to github.
I was hoping to find a solution where a developer on the project can add the private registry credentials in a .env file and then auth with said credentials somehow in a hook before lerna runs "install"
My main goal was to make it easy to work with the project and not rely on having each developer run 'npm login' or some other commands besides just including the correct credentials in their .env file. This also makes it easy for CI/deployment pipelines.
Are there any specific lifecycle hooks that can run before install in a lerna package?

NPM: how to specify registry to publish in the command line?

I'm testing a new version of our npm packages registry. I'd like to run a job in our CI server specifying a registry different of the default.
I tried to execute npm publish --registry "http://nexus.dsv.myhost/nexus/repository/npmjs-registry but it didn't work. It was published to the default registry.
How do I specify a different registry while running npm publish. It is a scoped package.
There's multiple ways to accomplish this.
use npm config to set the registry globally:
npm config set registry http://nexus.dsv.myhost/nexus/repository/npmjs
use npm config to set the registry for the package scope:
npm config set #<your scope here>:registry http://nexus.dsv.myhost/nexus/repository/npmjs
configure your package.json with a publish config:
{
...
"publishConfig": {
"registry": "http://nexus.dsv.myhost/nexus/repository/npmjs"
},
...
}
use npmrc to configure the registry
registry=http://nexus.dsv.myhost/nexus/repository/npmjs
It sounds like you have a scope-specific registry configured somewhere in your npm config.
npm will merge your global, local and CLI-provided config. But any scope-specific config will take precedence over unscoped config regardless of where each of them are defined.
For example, if you have #myscope:registry=xyz in your ~/.npmrc file, that will take precedence over --registry=abc provided on the CLI, because a scope-specific registry always overrides the unscoped registry.
However, you can also pass a scope-specific registry on the CLI itself like this:
npm publish --#myscope:registry=http://nexus.dsv.myhost/nexus/repository/npmjs-registry
Note that because of how nopt (which is what npm uses under the hood to parse the CLI options) parses freeform switches, the = sign here is required. If you use a space instead, it won't work as expected.

How to publish/deploy a npm package to custom artifactory

I want to do something like this:
Create an npm package. Basically, a common code which I want to use for all of my projects. Which I created.
But now What I want is, Every time I commit something in git for this project, Jenkins should build it with updated alpha/beta version and should publish to my own artifactory.
Your Jenkins job can be configured to be triggered by a webhook, which would take care of the first part (every time I commit). Depending on which Git server you're using you can find a lot of tutorials how to do that:
For GitHub
For GitLab
For Gogs
please note this is just a random selection of tutorials how to set up the webhook triggers to work with Git servers and by no means an exhaustive list
To publish your package to JFrog Artifactory you can either use the Jenkins Artifactory Plugin, or use the NPM command line. If you want to use the npm command line, you'll need to authenticate first:
# setting the default registry to Artifactory
npm config set registry http://<ARTIFACTORY_SERVER_DOMAIN>:8081/artifactory/api/npm/npm-repo/
# log in
npm login
alternatively you can get a .npmrc file directly from Artifactory using:
curl -u admin:<CREDENTIAL> http://<ARTIFACTORY_SERVER_DOMAIN>:8081/artifactory/api/npm/auth
After that, there are two ways you can push your package to Artifactory:
Edit your package.json file and add a publishConfig section to a local repository: "publishConfig":{"registry":"http://localhost:8081/artifactory/api/npm/npm-repo/"}
Provide a local repository to the npm publish command: npm publish --registry http://localhost:8081/artifactory/api/npm/npm-repo/

How to use yarn with private npm registry in Sonatyoe Nexus OSS?

I ve setup the nexus oss 3 and it looks cool. All my projects are installed by using yarn because of the --pure-lockfile option.
Steps to reproduce the issue:
1. Setup nexus oss 3 with a private npm registry (as in documentation)
2. Disable anonymous access from nexus oss 3 admin panel
3. On a linux server with alpine try to yarn install --pure-lockfile (you must have a package that is hosted on the private repo in package.json)
4. Does not work, return 401 error
I tried everything but i could not manage to make yarn to login to get those packages.
If i use npm install, it works.
Can someone tell me how to make yarn work nexus oss3 using the setup from above?
If npm install is working, then you must have login credentials and repository correctly defined.
Open terminal and run npm login, give your username and password for nexus account. This will create a file ~/.npmrc. Open this file nano ~/.npmrc, output look like
//<repository>:_authToken=NpmToken.<token>
A dummy example:
//test.server.com/repository/npm-group/:_authToken=NpmToken.123456-12345-12345-tok-en0onum
Go to the project directory cd <project_dir>, create a new file .yarnrc, open it nano .yarnrc. Insert the following line, save and exit (Ctrl+O, Ctrl+X) it.
registry "<repository>"
Create another file .npmrc in the same directory <project_dir>. Open, add the following line, save and exsit.
registry=<repository>
always-auth=true
//<repository>:_authToken=NpmToken.<token>
Delete the .npmrc at home directory rm ~/.npmrc.
Now you can download node_modules with yarn or yarn install.
I had same issue with nexus 3 and use this configuration on my .npmrc file:
registry=https://your.nexus.com/repository/some-npm/
always-auth=true
/* basic-auth-token: your user:password in base64 */
_auth=<basic-auth-token>
Hope this help you!
The fact that your requests returns 401 (Unauthorized) means that you should supply credentials when connecting to Nexus.
It is far from being a nice solution but I got it working using
yarn set registry https://user:pwd#your.nexus.host/nexus3/repository/npmjs/
I use yarn 1.4.0 (release candidate). It should also work on 1.3.2, but I cannot test that because 1.3.2 has issues with HTTPS_PROXY env vars.