Downloading Packages to CI/Deployment Servers: Setup and Authentication
In our last tutorial, we introduced private packages: what they are and who can have a private package.
This tutorial covers downloading packages to CI/deployment servers.
Downloading packages to CI/deployment servers
Whenever you use deployment servers or test with Continuous Integration servers, you will have to download your private packages to those servers. The steps to follow are outlined below:
- You will have to create a new auth token
- You should set up a .npmrc file that is specific to the project
- You should configure the ci/deployment server to provide the auth token
Creating a new authentication token
A lot has changed in npm; one change is that npm now requires you to use auth tokens to authenticate in the CLI. Whenever you need to generate an auth token, use `npm token create`.
| token | d97a6e1f-cb87-0000-94e0-e06fe03c8a5c |
| cidr_whitelist | |
| readonly | false |
| created | 2019-11-21T16:57:25.427Z |
There are lots of things that you can do with the new token. Check our tutorial on working with tokens for more details.
Setting up a project-specific .npmrc file
To set up a project-specific .npmrc file, create a custom .npmrc file in your project folder. You use this file to authenticate the deployment or CI server with npm.
Setting up environment variables
To make this more secure when pushing it up to the server, you can set this token as an environment variable on the server.
You will also have to add it to the environment variables on your development machine. On Linux or OSX, add this line to your ~/.profile:
export NPM_TOKEN="00000000-0000-0000-0000-000000000000"
Then refresh your environment variables:
source ~/.profile
Checking in your .npmrc
Once you have set up your environment variables, you can check in the .npmrc, replacing your token with the environment variable:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
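The steps above leave two things to verify before a build: that the checked-in .npmrc holds only an environment reference and never a literal token, and that the CI/deployment server actually exports the referenced variable. The guard below is an added example, not part of the original tutorial or of npm; the function names `check_npmrc` and `missing_token_vars` are assumptions, and it only inspects `_authToken` entries.

```shell
#!/bin/sh
# Added example: pre-commit / CI guard for a project-level .npmrc.
# check_npmrc and missing_token_vars are illustrative names, not npm commands.

# An _authToken entry whose value is exactly an environment reference,
# e.g. ${NPM_TOKEN}, optionally quoted.
REF_RE='_authToken[[:space:]]*=[[:space:]]*"?\$\{[A-Za-z_][A-Za-z0-9_]*\}"?[[:space:]]*$'

# check_npmrc FILE
#   returns 0 = no literal token, 1 = literal token found, 2 = FILE missing
check_npmrc() {
    [ -f "$1" ] || return 2
    # Drop comment lines (# or ;), keep _authToken entries, then look for
    # any entry that is NOT a pure ${VAR} reference.
    if grep -Ev '^[[:space:]]*[#;]' "$1" \
        | grep -E '_authToken[[:space:]]*=' \
        | grep -Evq "$REF_RE"; then
        return 1
    fi
    return 0
}

# missing_token_vars FILE
#   prints each variable referenced by an _authToken entry that is absent
#   or empty in the exported environment (the environment npm inherits)
missing_token_vars() {
    grep -Ev '^[[:space:]]*[#;]' "$1" \
        | sed -n 's/.*_authToken[[:space:]]*=[[:space:]]*"\{0,1\}\${\([A-Za-z_][A-Za-z0-9_]*\)}.*/\1/p' \
        | sort -u \
        | while IFS= read -r name; do
              [ -n "$(printenv "$name")" ] || printf '%s\n' "$name"
          done
}

# Script usage: sh npmrc-guard.sh path/to/.npmrc
if [ -n "${1-}" ]; then
    check_npmrc "$1" || { echo "literal token or missing file: $1" >&2; exit 1; }
    missing=$(missing_token_vars "$1")
    [ -z "$missing" ] || { echo "not exported: $missing" >&2; exit 1; }
fi
```

Run it as a pre-commit hook on the development machine and as the first step of the CI job, so a pasted token is caught before it reaches the repository and a missing secret fails the build early.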
How to Invalidate a Token
Although npm does not derive the token from your password, changing your password invalidates the token. A token is also invalidated when you log out from a machine that is logged in with that particular token.
`npm token revoke` will be a better choice (see our tutorial on working with tokens for more information on this).
Summary
In this tutorial, you have learnt:
- The steps required to download packages to a CI/deployment server
- How to create a new authentication token
- How to set up a project-specific .npmrc file
- How to set environment variables
- How to check in your .npmrc
- How to invalidate a token