Feature request: enable .env for interpolating ${VARIABLES} in .npmrc


(Patrick Hillert) #1

I’ve stumbled across a problem which is not as ideal as it could be.

We use in some projects internal, self-hosted npm registries. These registries are secured by basic auth where I can authenticate against via npm on command line:

npm adduser --registry https://<my-repo-url>/ --always-auth

This command will update my ~/.npmrc with a bearer token for my repository. Then I open that file and copy that token which I now export as an environment variable:

export NPM_REGISTRY_TOKEN=ey...

This will now allow me to store a placeholder variable in my project’s local .npmrc. And this now allows us to commit the .npmrc to git (prevent leaking of any tokens).

Here’s how the .npmrc looks like:

always-auth=true
registry=https://<my-repo-url>/
//<my-repo-url>/:_authToken=${NPM_REGISTRY_TOKEN}

This not a very smooth procedure, as any developer have to export that env variable. And all new team members have always trouble setting up the token or simply forget to export them.

It would be much nicer to have a local .env file to store key/value pairs and add that .env to .gitignore (to prevent committing it). This will make it more visible that this project needs env variables. Furthermore it would also be possible to check in a .env.example into git with an example configuration.

I would be super happy if npm could respect and evaluate env’s set in .env. What do you think?