npm config set in CI
npm config controls registries, auth, and install behavior.
In CI you usually write an .npmrc with a token from a secret rather than committing config. Know which keys matter.
Common keys
registry- default registry URL//registry/:_authToken- auth (in .npmrc)fund=false,audit=false- quiet installscache- cache directory
Example in CI
Authenticate to a private registry from a secret.
shell
echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrcIn CI
Never commit tokens. Write .npmrc at build time from \${{ secrets.NPM_TOKEN }}. A 401 on install almost always means a missing or wrong token here.
Key takeaways
- Write
.npmrcfrom a secret at build time. - Set
fund=false audit=falsefor quiet installs. - 401 usually means a bad
_authToken.