How to Use Private npm Modules with CircleCI
To install a private npm module as a dependency, some form of authentication needs to be done. There’s two ways to do this:
npm login. This is the most common way, but needs a fancy command to get it working in a CI environment. You can find instructions for this here.
Using npm tokens. Newer versions of npm support tokens (Requires npm version 5.5.1 or greater). The official npm docs covers tokens here. The summary version is that when
npm loginis used on your local machine, a token is generated and saved in the corresponding
.npmrcfor that module/project. Note
.npmrcmust exist in your file system or token replacement will fail silently.
To configure CircleCI to use this token, find token in the
.npmrcfile (format is 00000000-0000-0000-0000-000000000000) and set it as a private environment variables
NPM_TOKEN. Finally, add a script to inject this configuration into the container’s
dependencies: pre: - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
By default, using
npm login will use npm’s official module registry
https://registry.npmjs.org/. If the private modules happens to be on a
third-party registry, maybe your own, you can add
--registry=http://registry.acme.io to the command. Here’s an example:
dependencies: pre: - echo -e "$NPM_USER\n$NPM_PASS\n$NPM_EMAIL" | npm login --registry=http://registry.acme.io
Note: The example above is if you went with the first method of authenticating above.
Not Using a Registry At All
If you don’t want to login to a remote registry to download private modules,
npm install gives you other options.
- Local directory. If you can get the module via other means (maybe a
script), then you can run
npm install .if you are in the directory or
npm install path/to/modulefor elsewhere in the file system.
- Git. You can always rely on a Git repository like this
npm install git://github.com/acme/private-module.git