
npmrc-replace-env
A utility for dynamically generating .npmrc files based on a configuration template and environment variables.
Managing npm registry configurations and authentication tokens across different projects and environments can be cumbersome. This package aims to simplify this process by providing a utility that dynamically generates the .npmrc file based on a configuration file (.npmrc.config) and corresponding environment variables (.env).
This approach keeps secrets out of version control: the committed .npmrc.config holds only placeholders, while the generated .npmrc, which contains the real auth tokens, is never committed.
npm install npmrc-replace-env
yarn add npmrc-replace-env
pnpm add npmrc-replace-env
Note: Installing the package is optional. The utility can be invoked directly with npx without installing it.
Run the utility using npx:
npx npmrc-replace-env
This will generate a .npmrc file (overwriting any existing .npmrc) based on the configuration provided in a file named .npmrc.config.
Create a file named .npmrc.config in the root of your project. This file should contain the configuration for your .npmrc file. The utility will replace placeholders in this configuration with corresponding environment variables.
Example .npmrc.config:
# .npmrc.config
# Custom registry for @myorg packages
@myorg:registry=https://somewhere-else.com/myorg
//somewhere-else.com/myorg/:_authToken=NPMRC_MYTOKEN1
# Custom registry for @another packages
@another:registry=https://somewhere-else.com/another
//somewhere-else.com/another/:_authToken=NPMRC_MYTOKEN2
# Custom registry for @fortawesome packages
@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=NPMRC_FA_AUTH_TOKEN
In this example, the .npmrc.config file defines custom registries for @myorg, @another, and @fortawesome. The authentication tokens are provided as environment variables (NPMRC_MYTOKEN1, NPMRC_MYTOKEN2, and NPMRC_FA_AUTH_TOKEN), which will be replaced during the generation process.
Add .npmrc to your .gitignore so the generated file, which contains real authentication tokens, is never committed. The placeholder-only .npmrc.config is the file that belongs in version control.
Define the environment variables to be substituted in your .env file. Only variables whose names start with NPMRC_ are loaded and replaced, so every placeholder in .npmrc.config and every variable in .env must use that prefix.
Create a file named .env in the root of your project. This file will contain the environment variables used in your application. You can also create environment-specific files like .env.local, .env.development, .env.development.local, etc.
Example .env file:
NPMRC_MYTOKEN1=your_myorg_token_value
NPMRC_MYTOKEN2=your_another_token_value
NPMRC_FA_AUTH_TOKEN=your_fontawesome_token_value
For more detailed configuration options and information about using .env files, refer to the dotenv-flow documentation.
Contributions are welcome! If you encounter issues or have suggestions, please feel free to open an issue or submit a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.
The npm package npmrc-replace-env receives a total of 22,022 weekly downloads. As such, npmrc-replace-env popularity was classified as popular.
We found that npmrc-replace-env demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.