vsts-npm-auth
Advanced tools
Integrate npm and Azure Artifacts with this authentication bootstrapper.
npm install -g vsts-npm-auth
vsts-npm-auth -config path-to-your\.npmrc
registry=https://my-azure-artifacts-npm-registry-uri-here
always-auth=true
$ npm install -g vsts-npm-auth --registry https://registry.npmjs.com
$ vsts-npm-auth -config path-to-your\.npmrc
The auth helper is currently only functional on a Windows machine. Users on other platforms will need to get a Personal Access Token from their Azure DevOps Services (formerly Visual Studio Team Services) account and manually configure their user .npmrc
c:\>.\vsts-npm-auth.exe -?
Usage - vsts-npm-auth -options
GlobalOption Description
Help (-?) Shows this help
NonInteractive (-N) Don't allow interactively prompting for credentials to obtain a token
Config* (-C) Comma-separated list of paths to npm configuration file containing package sources to
acquire authentication tokens for
TargetConfig (-T) npm configuration file to write the generated tokens to. Usually user tokens are written to
%USERPROFILE%/.npmrc, ~/.npmrc or $HOME/.npmrc
ExpirationMinutes (-E) Minutes until acquired tokens should expire. [Default='129600']
ReadOnly (-R) Request a read-only token. If absent or false, a read-write token will be requested. This
parameter is effective only if the target configuration file has no token or a token that
is near or past expiration. To force token acquisition, use the -Force parameter.
[Default='False']
Force (-F) Force token acquisition. If absent or false, an existing token in the target configuration
file will only be replaced if it is near or past expiration. [Default='False']
Verbosity (-V) Display this amount of detail in the output: silent, quiet, normal, detailed.
Silent
Quiet
Normal
Detailed
FAQs
Auth Helper for npm in Azure Artifacts
The npm package vsts-npm-auth receives a total of 71,113 weekly downloads. As such, vsts-npm-auth popularity was classified as popular.
We found that vsts-npm-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.