Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
pipelines-private-npm
Advanced tools
Private modules in Bitbucket Pipelines
Automates some of the steps described in the Bitbucket Pipelines docs to work with modules from a private NPM registry.
Usage
First, configure the following environment variable in Bitbucket Pipelines:
NPM_TOKEN: This is the authentication token to your registry. You can find it in your local ~/.npmrc, after you login to your registry.
Your bitbucket-pipelines.yml script can then use pipelines-private-npm to configure the build container:
image: node:carbon-slim
pipelines:
default:
- step:
script:
- npm i -g pipelines-private-npm
- build-setup
- npm install
- ...
Configuration parameters
The build-setup script accepts parameters to configure the registry, NPM organization and alias for the registry:
-r <registry>: Configure the registry, e.g.build-setup -r https://npm-private.example.com.-o <org>: Configure the NPM organization for packages like@example/my-package. Example:build-setup -r https://npm-private.example.com -o example.-a <alias>: Configure an alias hostname for the registry specified with-r. This is useful for entries inyarn.lockthat point to a specific registry host, but should be resolved against another host, e.g. a proxy.-d: Perform a dry run without modifying any files.
Example
Configure the https://npm-private.example.com registry with the NPM_TOKEN from the build environment for packages like @example/my-package. Ensure that requests for https://npm-private.example.com actually go to https://npm-private-proxy.example.com.
build-setup -r https://npm-private.example.com -o example -a npm-private-proxy.example.com
FAQs
Private npm registry access for BB Pipelines builds
The npm package pipelines-private-npm receives a total of 642 weekly downloads. As such, pipelines-private-npm popularity was classified as not popular.
We found that pipelines-private-npm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 22 Nov 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025