Skip to content
Latchkey

npm config set in CI

npm config controls registries, auth, and install behavior.

In CI you usually write an .npmrc with a token from a secret rather than committing config. Know which keys matter.

Common keys

  • registry - default registry URL
  • //registry/:_authToken - auth (in .npmrc)
  • fund=false, audit=false - quiet installs
  • cache - cache directory

Example in CI

Authenticate to a private registry from a secret.

shell
echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc

In CI

Never commit tokens. Write .npmrc at build time from \${{ secrets.NPM_TOKEN }}. A 401 on install almost always means a missing or wrong token here.

Key takeaways

  • Write .npmrc from a secret at build time.
  • Set fund=false audit=false for quiet installs.
  • 401 usually means a bad _authToken.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →