npm icon indicating copy to clipboard operation
npm copied to clipboard

Published 20 hours ago verified publisher icon semantic-release

Setting registry and authToken in NPM_CONFIG_USERCONFIG file does not work when project level .npmrc exists

Open techmunk opened this issue 5 years ago • 4 comments
trafficstars

I have a project which has a project level .npmrc that DOES NOT have registry and auth details in it. I have a CI pipeline that is doing the following tasks:

echo "@SCOPE:registry=$PUBLISH_URL" > ".npmrc-publish"
echo "${NOSCHEME_PUBLISH_URL}/:_authToken=${TOKEN}" >> ".npmrc-publish"
NPM_CONFIG_USERCONFIG=".npmrc-publish" npx semantic-release

I can see in the output that it is "reading npm config from" both files (both files are listed), but the only way the process completes without asking for an NPM_TOKEN, is to echo the above commands into the main .npmrc file.

Is the above scenario expected to work? This might be an issue with my own understanding of how .npmrc configs are supposed to work. I assumed they could work together but perhaps the most specific one always wins?

Thanks

techmunk avatar Aug 31 '20 06:08 techmunk

Even running rm .npmrc before the above also fails, and does not pick up the scoped registry in the .npmrc-publish file and attempts to publish to the default npm registry. I feel like I must be missing something simple.

techmunk avatar Aug 31 '20 06:08 techmunk

I believe this has nothing to with .npmrc file. I don't have one in my project, and try to publish to Gitlabs NPM registry, but the plugin keeps trying to authenticate against NPMs registry, instead of Gitlabs registry. I've tried setting it in the env variable NPM_CONFIG_REGISTRY too without luck

falecci avatar Sep 30 '20 20:09 falecci

Running into the same issue: I have an .npmrc created in a prior step in my Github Action workflow, to install packages from Github Packages, then when running semantic release, though we use the environment variables to override the registry and token, it keeps failing.

The documentation is confusing on that particular aspect: https://github.com/semantic-release/npm?tab=readme-ov-file#npm-configuration. It mentions:

  • The registry can be configured via the npm environment variable NPM_CONFIG_REGISTRY and will take precedence over the configuration in .npmrc.

But also:

  • The presence of an .npmrc file will override any specified environment variables.

So it's unclear which one takes precedence over the other.

foxted avatar Mar 21 '24 20:03 foxted

But also:

  • The presence of an .npmrc file will override any specified environment variables.

i agree that this is confusing, but i believe it is accurate if limited to the environment variables that are specific to semantic-release. as written, that is not clear though, i agree. would welcome a Pr to clarify that better.

semantic-release/npm#npm-configuration. It mentions:

  • The registry can be configured via the npm environment variable NPM_CONFIG_REGISTRY and will take precedence over the configuration in .npmrc.

for the environment variables used directly by npm, the npm documentation linked to in the section you linked to is authoratative and defines precendence

The presence of registry or dist-tag under publishConfig in the package.json will take precedence over the configuration in .npmrc and NPM_CONFIG_REGISTRY

please also keep this in mind. if you are needing to publish to a different registry than youve defined in your npmrc when downloading, publishConfig is usually the better option over using an environment variable

travi avatar Mar 28 '24 05:03 travi