diff --git a/docs/lib/content/configuring-npm/npmrc.md b/docs/lib/content/configuring-npm/npmrc.md index cd31ae886f132..fe3161a819a49 100644 --- a/docs/lib/content/configuring-npm/npmrc.md +++ b/docs/lib/content/configuring-npm/npmrc.md @@ -94,7 +94,7 @@ to override default configs in a standard and consistent manner. ### Auth related configuration The settings `_auth`, `_authToken`, `username` and `_password` must all be -scoped to a specific registry. This ensures that `npm` will never send +scoped to a specific `registry`. This ensures that `npm` will never send credentials to the wrong host. The full list is: @@ -112,23 +112,54 @@ the scope may look like `//registry.npmjs.org/:`. If it must be scoped to a specific path on the host that path may also be provided, such as `//my-custom-registry.org/unique/path:`. +#### How NPM matches Registry URL with auth configuration + +Let's say you have: + +```ini +@myorg:registry=https://registry.npmjs.org/myorg +``` + +npm will look for: + +```ini +//registry.npmjs.org/myorg/:_authToken=... +``` + +If instead you put: + +```ini +//registry.npmjs.org/:_authToken=... ``` + +That won’t be used, because it **doesn’t match** what npm looks for from the registry URL you defined. + +#### Extended configuration example + +```ini ; bad config _authToken=MYTOKEN ; good config -@myorg:registry=https://somewhere-else.com/myorg -@another:registry=https://somewhere-else.com/another +@myorg:registry=https://somewhere-else.npmjs.org/myorg +@another:registry=https://somewhere-else.npmjs.org/another +@anotherorg:registry=https:///registry.npmjs.org/path/anotherorg + +; Applies to any registry at https://registry.npmjs.org/ but not to any sub-path (see @anotherorg) //registry.npmjs.org/:_authToken=MYTOKEN -; would apply to both @myorg and @another -//somewhere-else.com/:_authToken=MYTOKEN +; Applies to both @myorg and @another but noth @anotherorg +//somewhere-else.npmjs.org/:_authToken=MYTOKEN + +; Only applies to @myorg +//somewhere-else.npmjs.org/myorg/:_authToken=MYTOKEN1 + +; Only applies to @another +//somewhere-else.npmjs.org/another/:_authToken=MYTOKEN2 -; would apply only to @myorg -//somewhere-else.com/myorg/:_authToken=MYTOKEN1 +; Only applies to @anotherorg +//registry.npmjs.org/path/anotherorg:_authToken=MYTOKEN3 -; would apply only to @another -//somewhere-else.com/another/:_authToken=MYTOKEN2 ``` ### See also