13

I have to work with some packages in the private registry. So, in my package.json in the dependencies section I have a lines like this one:

...
"dependencies": {
    "@myco/my-awesome-package": "^0.4.5",
    ...
}
...

There is authentication required for the private registry, so I have to create the .npmrc file in my project:

registry=https://registry.npmjs.org/
@myco:registry=https://myco-registry-path/
//myco-registry-path/:username=${MYCO_REGISTRY_USER}
//myco-registry-path/:_password=${MYCO_REGISTRY_PASSWORD_BASE64}

Yes, I know about _authToken, but in my case it is easier to use user and password.

Anyway, here you can see two env variables: ${MYCO_REGISTRY_USER} and ${MYCO_REGISTRY_PASSWORD_BASE64} which I have to replace before npm install. I know the very simple solution for this problem: put them to the "global" env variables for example to my .bash_profile (or any terminal profile of your choice). But I do not want to keep variables like this in the "global" scope because the are important only for the current project. What I want to do is to use dotenv. I want to create a .env file in the root of my project:

MYCO_REGISTRY_USER=myco-registry-username-value
MYCO_REGISTRY_PASSWORD_BASE64=myco-registry-password-value-base64

I want that this values replace env variables in my .npmrc on the install action. But when I try npm install I get an error: Error: Failed to replace env in config: ${MYCO_REGISTRY_USER}. I can understand why it happens. Possibly because npm reads .npmrc values first and try to replace env variables and fails, because in this moment it know nothing about dotenv. My question is how to deal with it?

Short summary:

  1. I do not want to keep env variables in the terminal profile, instead I want to put it in the .env file inside my project.

  2. I have to replace env variables in the .npmrc file with dotenv before npm install

Ceridan
  • 2,376
  • 3
  • 23
  • 32
  • you should run scripting which may copy the configuration variables from .npmrc and create .env. – Dipak Jan 11 '20 at 04:55

1 Answers1

7

I know this answer might come too late, but in case anyone else is looking for answers, here's a solution:

You need to prepend your scripts with dotenv-cli as so:

dotenv npm install

or in my case where the file was not .env:

dotenv -e .env.local npm install

The problem is that you cannot save this anywhere so that someone can use it with "npm install" somehow. Definitely npm preinstall is run after reading .npmrc so it fails too.

You will need to either document it well or just include a small shell script, but if you're supporting different OSs then it can get funny really fast...

Happily so, CD platforms like Netlify allow you to set environment variables manually.

But I guess this must not be the nicest of starts if someone clones your repo and the first they've got is a failing npm install ‍♂️

Also, check this one out: locking-the-vault-on-font-awesome-npm-tokens

Jose Daniel Vivar Personat
  • 153
  • 2
  • 8
  • There are so many posts/issues/tweets/comments about this across the interwebs but this is by far the best (most contained) solution. Thank you! Gotta get some upvotes! – Scott Jan 22 '23 at 17:26