How to configure npm token via npm_config_* env var? #15565
Comments
We're closing this issue as it has gone seven days without activity and without being labeled. If we haven't even labeled in issue in seven days then we're unlikely to ever read it. If you are still experiencing the issue that led to you opening this or this is a feature request you're still interested in then we encourage you to open a new issue. If this was a support issue, you may be better served by joining package.communty and asking your question there. For more information about our new issue aging policies and why we've instituted them please see our blog post. |
It's very annoying that there is no clear way to specify this as an environment variable |
Can't you use |
@legodude17, the only way I know to provide the NPM token via an env var is to relay it via the Independently, a mismatch between a program's behavior and its docs is confusing, |
Also, the officially recommended way to handle this in the npm documentation is quite annoying: If you add a .npmrc file that includes a placeholder for an environment variable you now have to define this env var for all environments and it also needs to be present for any npm command run. So even though you only need it for example for running |
Even worse: Some months ago I ran across a package that installed other packages via npm and didn't pass my environment. |
I believe the cause for this is the way npm translates environment variables to config keys. When we have an environment variable So at its root there are two parts of the code that disagree on how config keys should be normalised, and it seems to affect all config keys containing underscores (i.e. none of those can be set using an environment variable). I hope this can get someone started on a fix? I could also work on one but would need guidance. |
@mkhl I would suggest posting this in https://npm.community. Either bugs or ideas, I am not sure. |
As discussed on npm.community[1], the fact that npm registry authentication tokens cannot be defined using environment variables does not seem justified anymore. The restriction is caused by the config loader translating * all `_` to `-` * the whole variable name to lowercase while the credential checker expects a key ending in `:_authToken`. This change fixes the problem by having the credential checker try a key ending in `:-authtoken` after it tried `:_authToken`. Closes npm/npm#15565 [1]: https://npm.community/t/cannot-set-npm-config-keys-containing-underscores-registry-auth-tokens-for-example-via-npm-config-environment-variables/233
…le (#8) As discussed on npm.community[1], the fact that npm registry authentication tokens cannot be defined using environment variables does not seem justified anymore. The restriction is caused by the config loader translating * all `_` to `-` * the whole variable name to lowercase while the credential checker expects a key ending in `:_authToken`. This change fixes the problem by having the credential checker try a key ending in `:-authtoken` after it tried `:_authToken`. Fixes: https://npm.community/t/233 Fixes: npm/npm#15565 PR-URL: #8 Credit: @mkhl Reviewed-By: @zkat
I'm opening this issue because:
What's going wrong?
npm seems to ignore my
npm_config_//registry.npmjs.org/:_authToken
environment variable.I'm trying to restrict the environments where my npm login token is stored. I tried using an environment variable in my
.npmrc
as described in #8356 but adding that config line makes npm (e.g.npm --help
) crash withError: Failed to replace env in config: ${NPM_TOKEN}
in all shells where the var isn't set.Luckily, "npm is extremely configurable", so I tried the "environment variables" approach. Using the
export
command as suggested in the docs didn't work because:… so instead I used
env
to spawn a new bash that would inherit my variable. Inside it, I used node.js to verify it is set correctly, then tried to publish:(Of course I used a token that worked in my
.npmrc
just seconds ago, so that should not be the problem.)How can the CLI team reproduce the problem?
With the commands above, hopefully.
supporting information:
npm -v
prints: 3.10.10node -v
prints: v6.9.4npm config get registry
prints: http://registry.npmjs.org/The text was updated successfully, but these errors were encountered: