google-artifactregistry-auth
Advanced tools
google-artifactregistry-auth is an npm module that allows you to configure npm to interact with npm repositories stored in Artifact Registry.
This repository contains tools to simplify the process of working with npm/yarn packages using Artifact Registry.
The Artifact Registry google-artifactregistry-auth module is an npm package which allows you to configure npm/yarn to interact with npm private repositories in Artifact Registry.
For more details, see https://cloud.google.com/artifact-registry/docs/nodejs/authentication
The module automatically searches for credentials from the environment and authenticates to Artifact Registry. It looks for credentials in the following order:
gcloud auth login.NOTE: This module would update credentials for all Artifact Registry repositories. It would not be suitable if you use multiple account credentials in npmrc/yarnrc file.
To use the module:
Log in
Option 1: log in as a service account:
(1). Using a JSON file that contains a service account key:
`$ export GOOGLE_APPLICATION_CREDENTIALS=[path/to/key.json]`
(2). Or using gcloud:
`$ gcloud auth application-default login`
Option 2: log in as an end user via gcloud:
$ gcloud auth login
Add settings to connect to the repository to .npmrc / .yarnrc.yml. Use the output from the following command:
2.1. For npm (and .npmrc)
`$ gcloud artifacts print-settings npm`
```
registry=https://LOCATION-npm.pkg.dev/PROJECT_ID/REPOSITORY_ID/
//LOCATION-npm.pkg.dev/PROJECT_ID/REPOSITORY_ID/:always-auth=true
```
Where
**PROJECT_ID** is the ID of the project.
**REPOSITORY_ID** is the ID of the repository.
**LOCATION** is the location of the repository.
2.2. For yarn (and .yarnrc.yml)
Add to
```
npmScopes:
workspace:
npmRegistryServer: 'https://LOCATION-npm.pkg.dev/PROJECT_ID/REPOSITORY_ID'
npmAlwaysAuth: true
npmAuthToken: 'empty'
```
Where
**PROJECT_ID** is the ID of the project.
**REPOSITORY_ID** is the ID of the repository.
**LOCATION** is the location of the repository.
3. Use one of these below options to run the script
1. Run the module outside of the directory containing the target npmrc file
npm:
`$ npx google-artifactregistry-auth --repo-config=[./.npmrc] --credential-config=[~/.npmrc]`
yarn:
`$ npx google-artifactregistry-auth --repo-config-yarn=[./.yarnrc.yml] --credential-config-yarn=[~/.yarnrc.yml]`
2. Include the command in the scripts in package.json
npm:
```
"scripts": {
"artifactregistry-login": "npx google-artifactregistry-auth --repo-config=[./.npmrc] --credential-config=[~/.npmrc]",
}
```
yarn:
```
"scripts": {
"artifactregistry-login": "npx google-artifactregistry-auth --repo-config-yarn=[./.yarnrc.yml] --credential-config-yarn=[~/.yarnrc.yml]",
}
```
Where:
- `--repo-config` is the `.npmrc` file with your repository settings. If you don't specify this flag,
the default location is the current directory.
- `--credential-config` is the path to the `.npmrc` file where you want to write the access token. The default is your user `.npmrc` file.
- `--repo-config-yarn` is the `.yarnrc.yml` file with your repository settings. If you don't specify this flag,
the default location is the current directory.
- `--credential-config-yarn` is the path to the `.yarnrc.yml` file where you want to write the access token. The default is your user `.yarnrc.yml` file.
If you want to skip checking for npm Artifact Registry domain and allow the auth token to be attached to any domains, add the flag `--allow-all-domains`
And then run the script
`$ npm run artifactregistry-login`
3. `npx` should come with `npm` 5.2+. If `npx` is not available:
Install the module from npmjs.com as a dev dependency and include the
command in the script
`$ npm install google-artifactregistry-auth --save-dev`
npm:
```
"scripts": {
"artifactregistry-login": "./node_modules/.bin/artifactregistry-auth --repo-config=[./.npmrc] --credential-config=[~/.npmrc]",
}
```
yarn:
```
"scripts": {
"artifactregistry-login": "./node_modules/.bin/artifactregistry-auth --repo-config-yarn=[./.yarnrc.yml] --credential-config-yarn=[~/.yarnrc.yml]",
}
```
Run the script
`$ npm run artifactregistry-login`
FAQs
google-artifactregistry-auth is an npm module that allows you to configure npm to interact with npm repositories stored in Artifact Registry.
The npm package google-artifactregistry-auth receives a total of 557,505 weekly downloads. As such, google-artifactregistry-auth popularity was classified as popular.
We found that google-artifactregistry-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Five malicious NuGet packages impersonate Chinese .NET libraries to deploy a stealer targeting browser credentials, crypto wallets, SSH keys, and local files.
Security News
pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.
Security News
The remediated findings include organization permission bugs, stale project access after transfers, OIDC replay edge cases, audit logging gaps, and an IDOR in API token deletion.