Publish an NPM package to GitLab package registry

Question

I followed the instructions in the GitLab docs to publish my project as a package to the project's registry. Here is my .gitlab-ci.yml file:

image: node:18

stages:
  - publish

publish:
  stage: publish
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  script:
    - echo "//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}">.npmrc
    - npm publish

When I run this pipeline, it gives the following error:

npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in to https://registry.npmjs.org/
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2023-02-16T19_08_00_397Z-debug-0.log

Why does it say I need to authenticate with registry.npmjs.org? I am trying to publish to my GitLab package registry, not to NPM. More importantly, how do I correctly authenticate with GitLab and publish my NPM package to the project's registry?

More Details

I tried adding this line at the top of my script block:

- echo "registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/">.npmrc

This gives the following error:

npm notice Publishing to https://gitlab.com/api/v4/projects/<project-id>/packages/npm/ with tag latest and default access
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://gitlab.com/api/v4/projects/<project-id>/packages/npm/npm-publish-gitlab
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2023-02-16T19_26_48_321Z-debug-0.log

If I also change image: node:18 to image: node:14, it works. So something appears to have changed since nodejs 14 that breaks the gitlab pipeline implementation. Any ideas what it might be?

I changed my script to

  script:
    - cd ui
    - echo "@${CI_PROJECT_NAMESPACE}:${CI_JOB_TOKEN}" >> .npmrc
    - cat .npmrc
    - npm publish --registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/

Now this gives:

npm ERR! code E404
npm ERR! 404 Not Found - PUT https://gitlab.com/api/v4/projects/<project-id>/packages/npm/ui
npm ERR! 404 
npm ERR! 404  'ui@0.1.0' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2023-02-24T16_54_47_061Z-debug.log

I am the author and this is an attempt to publish the package. So this error makes absolutely no sense. What do I try next?

Is gitlab set as the registry for npm? The [docs](https://docs.gitlab.com/ee/user/packages/npm_registry/#authenticating-via-the-npmrc-1) mention a .npmcr file configuring the registry. — 8bit, Feb 19 '23 at 09:55
@8bit Yes. As you see in my build pipeline script, I echo a line to the `.npmrc` file to set the token to authenticate with the gitlab registry. — Code-Apprentice, Feb 20 '23 at 16:42
Is your package using a scope (something like `@scope/package-name`)? And could you share a simplified (no deps) version of your `package.json` file please? — indyteo, Feb 25 '23 at 18:56
Could be the `npm` version bundled with the node version and the related syntax changes in regards to [auth related configuration](https://docs.npmjs.com/cli/v9/configuring-npm/npmrc?v=true#auth-related-configuration). Specifically they need to be scoped to a registry in newer versions but not in older versions that come bundled with node 14. — morganney, Feb 26 '23 at 01:47

score 2 · Answer 1 · answered Feb 19 '23 at 09:59

It looks like you're missing a definition to publish your package to the internal registry.

This can be done in the package.json (although I don't think there's a convenient way of using environment variables there):

"publishConfig": {
    "registry":"http://my-internal-registry.local"
}

or directly in the .npmrc:

registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/

this can also be limited to a specific scope:

@myscope:registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/

Thanks for the suggestions. If I add the registry to the `.npmrc` file as you show. I get a 403 response when running `npm publish`. Interestingly, if I also change the image to `node:14` instead of `node:18`, it works. See the update at the end of my question. — Code-Apprentice, Feb 20 '23 at 16:55

Publish an NPM package to GitLab package registry

More Details

1 Answers1