How should I set _auth in .npmrc when using a Nexus https npm registry proxy?

After having looked at registry-client code I found the answer, here it is. I post it as it may help other people:

base64Encode(<username>:<password>)

By the way, there is an URL encoding, but it's authify.js that takes care of it.

The "socket hang up" problem I'm facing is due to the fact that if a proxy is set in Windows configuration, when launching npm from CLI (and not from a Maven build) all ```.npmrc`` proxy settings seem to be ignored while native proxy exclusions (for corporate urls) are ignored by npm. I'll open a ticket to report this weird behavior.


Sources: https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/npm-registry/npm-security & https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/npm-registry/publishing-npm-packages

  1. Configure registry (its important doing this before configuring the authentication in step 2, because the authentication settings will be based on the registry):

    npm config set registry="http://localhost:8081/repository/npm-internal/"

  2. Configure authentication using a line like the following example:

    npm config set _auth="$(echo -n 'username:password' | base64)"

  3. Check the current configuration using the following:

    npm config ls

  4. Publish your npm package:

    npm publish --registry http://localhost:8081/repository/npm-internal/


If you have authorization token you should not use username:password. I suggest you:

  1. Generate token

    • Delete your ~/.npmrc or rename it.
    • Make sure your env settings like $NPM_CONFIG_* are unset.
    • Verify that email and other settings are unset by using: npm config list
    • Log into the npm using: npm login --registry=https://nexus.whatever.registry/respository/npm-whatever-group/
    • Once you are logged - you are logged. The npm should generate a token for it in your ~/.npmrc. It will look like:

//nexus.whatever.registry/respository/npm-whatever-group/:_authToken=NpmToken.YOUR-LOVELY-TOKEN-IN-HEX

  1. You can use that token in your project, CI pipeline, and other ones. Make sure in your project .npmrc there is:

//nexus.whatever.registry/respository/npm-whatever-group/:_authToken=NpmToken.YOUR-LOVELY-TOKEN-IN-HEX email = <EMAIL_USED_FOR_TOKEN_GENERATION> always-auth = true registry = https://nexus.whatever.registry/respository/npm-whatever-group/

  1. If you have problems with authentication/certs:

    • add env variable (also to your CI/CD pipline) $NODE_EXTRA_CA_CERTS to point to /home/wherever/is/your/cert.pem
  2. For CI/CD pipelines (like gitlabs or jenikins):

    • consider replacing actual values from your .npmrc project file with ${RELEVANT_ENV_VARIABLES}. This way you will make them less visible and always self-updating on change of pipline.

Hope this help.