
registry-auth-token
The registry-auth-token npm package is designed to retrieve authentication tokens for accessing private npm registries. It parses npm configuration files to extract authentication information, which can be useful for automated scripts or tools that interact with npm registries.
Retrieve authentication token
This feature allows the retrieval of an authentication token from the user's npm configuration. The token can then be used for authenticated operations with npm registries.
const getAuthToken = require('registry-auth-token');
const token = getAuthToken();
console.log(token);
Retrieve token with options
This feature extends the basic token retrieval by allowing options such as 'recursive' to be set, which controls how the npm configuration is parsed for authentication tokens.
const getAuthToken = require('registry-auth-token');
const options = { recursive: true };
const token = getAuthToken(options);
console.log(token);
Similar to registry-auth-token, npm-registry-client interacts with npm registries but offers a broader set of functionalities including publishing packages, setting tags, and handling user authentication. It provides a more comprehensive interface for interacting with npm registries compared to the focused functionality of registry-auth-token.
While npm-profile is primarily focused on managing user profiles on the npm registry, it also deals with authentication aspects. It differs from registry-auth-token by providing functionalities to view and edit user profile details, which is not covered by registry-auth-token.
Get the auth token set for an npm registry from .npmrc. Also allows fetching the configured registry URL for a given npm scope.
npm install --save registry-auth-token
Returns an object containing token and type, or undefined if no token can be found. type can be either Bearer or Basic.
const getAuthToken = require('registry-auth-token')
const getRegistryUrl = require('registry-auth-token/registry-url')
// Get auth token and type for default `registry` set in `.npmrc`
console.log(getAuthToken()) // {token: 'someToken', type: 'Bearer'}
// Get auth token for a specific registry URL
console.log(getAuthToken('//registry.foo.bar'))
// Find the registry auth token for a given URL (with deep path):
// If registry is at `//some.host/registry`
// URL passed is `//some.host/registry/deep/path`
// Will find the token for the closest matching path: `//some.host/registry`
console.log(getAuthToken('//some.host/registry/deep/path', {recursive: true}))
// Use the npm config that is passed in
console.log(getAuthToken('//registry.foo.bar', {
  npmrc: {
    'registry': 'http://registry.foo.bar',
    '//registry.foo.bar/:_authToken': 'qar'
  }
}))
// Find the configured registry url for scope `@foobar`.
// Falls back to the global registry if not defined.
console.log(getRegistryUrl('@foobar'))
// Use the npm config that is passed in
console.log(getRegistryUrl('http://registry.foobar.eu/', {
  'registry': 'http://registry.foobar.eu/',
  '//registry.foobar.eu/:_authToken': 'qar'
}))
// If auth info can be found:
{token: 'someToken', type: 'Bearer'}
// Or:
{token: 'someOtherToken', type: 'Basic'}
// Or, if nothing is found:
undefined
Please be careful when using this. Leaking your auth token is dangerous.
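The closest-path lookup and the Bearer/Basic result described above, as an added example that is not the package's own code. The names findAuth, credsFor, redact and sampleNpmrc are hypothetical, the config values are constructed, and reading Basic credentials from the `_auth` key is an assumption.

```javascript
// Added illustration of the lookup; not the source of registry-auth-token.

// Look up credentials for one exact registry key such as `//some.host/registry/`.
function credsFor (npmrc, key) {
  const bearer = npmrc[key + ':_authToken']
  if (bearer) return { token: bearer, type: 'Bearer' }
  const basic = npmrc[key + ':_auth'] // assumption: base64 "user:password"
  if (basic) return { token: basic, type: 'Basic' }
  return undefined
}

// Walk from the full path towards the host root and return the closest match.
// The host is never shortened, so a token is only found for its own host.
function findAuth (registryUrl, npmrc, { recursive = false } = {}) {
  const u = new URL(registryUrl.startsWith('//') ? 'https:' + registryUrl : registryUrl)
  const segments = u.pathname.split('/').filter(Boolean)
  for (let n = segments.length; n >= 0; n--) {
    const path = segments.slice(0, n).join('/')
    const key = '//' + u.host + '/' + (path ? path + '/' : '')
    // Accept the key with or without its trailing slash.
    const found = credsFor(npmrc, key) || credsFor(npmrc, key.replace(/\/$/, ''))
    if (found) return found
    if (!recursive) return undefined // exact path only
  }
  return undefined
}

// Form that is safe to log: keep the type, drop the secret.
function redact (auth) {
  return auth ? { type: auth.type, token: '[redacted]' } : undefined
}

// Constructed sample config (all values are made up).
const sampleNpmrc = {
  registry: 'https://some.host/registry/',
  '//some.host/registry/:_authToken': 'constructed-token-01',
  '//basic.example/:_auth': 'dXNlcjpwYXNz'
}

const deep = '//some.host/registry/deep/path'
console.log(redact(findAuth(deep, sampleNpmrc, { recursive: true })))
console.log(findAuth(deep, sampleNpmrc)) // no recursion, no exact key
console.log(findAuth('//some.host.example/registry/', sampleNpmrc, { recursive: true }))
```

With recursive set, a token configured for `//some.host/registry` is returned for every deeper path on that host, so the caller decides where the resulting Authorization header is actually sent.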
MIT © Espen Hovlandsdal
[5.1.0] - 2025-02-07
FAQs
Get the auth token set for an npm registry (if any)
We found that registry-auth-token demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.