Azure DevOps Services | Azure DevOps Server 2022 | Azure DevOps Server 2020
Azure Artifacts enables developers to manage packages from various sources, including public registries like npmjs.com and private feeds. To authenticate with Azure Artifacts, you need to configure your .npmrc config file. This file stores feed URLs and credentials used by npm, and it allows you to customize client behavior such as setting up proxies, defining default package locations, or configuring access to private feeds. The .npmrc file is typically located in the user's home directory, but can also be created at the project level to override default settings.
Prerequisites
Connect to a feed
Azure Artifacts recommends using two separate .npmrc configuration files. One should be stored locally to store your credentials, while the other should be added to your project directory alongside your package.json to define your feed URL. This approach allows you to share your project-level configuration without exposing sensitive information.
To set up the credentials file, create or update the .npmrc file and include all necessary registry credentials. This enables the npm client to easily access your credentials for authentication.
The following steps guide you through setting up the project-level configuration file. Select the tab that corresponds to your development environment:
Note
vsts-npm-auth is not supported in Azure DevOps Server.
Sign in to your Azure DevOps organization, and then navigate to your project.
Select Artifacts, and then select your feed from the dropdown menu.
Select Connect to Feed and then select npm from the left navigation pane.
Add a .npmrc to your project, in the same directory as your package.json and paste the provided snippet from the Project setup section into the file.
Run the following command to get an Azure Artifacts token added to your user-level .npmrc file. You don’t need to run this every time—npm will return a 401 Unauthorized error when it’s time to refresh the token.
vsts-npm-auth -config .npmrc
Sign in to your Azure DevOps organization, and then navigate to your project.
Select Artifacts, and then select your feed from the dropdown menu.
Select Connect to Feed and then select npm from the left navigation pane.
Add a .npmrc file to your project's directory. This should be the same directory where your package.json file is located.
Paste the snippet provided in the Project setup section into your .npmrc file. Your file should look similar to the following:
registry=https://pkgs.dev.azure.com/<ORGANIZATION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/
always-auth=true
Setup credentials
Copy the following snippet and paste it into your user-level npmrc file:
Organization-scoped feed:
; begin auth token
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/:username=[ENTER_ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/registry/:email=npm requires email to be set but doesn't use the value
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/:username=[ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/npm/:email=npm requires email to be set but doesn't use the value
; end auth token
Project-scoped feed:
; begin auth token
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/:username=[ENTER_ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/:email=npm requires email to be set but doesn't use the value
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/:username=[ENTER_ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<ORGANIZATION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/:email=npm requires email to be set but doesn't use the value
; end auth token
Generate a personal access token with packaging read and write scopes.
Run the following command in a command prompt window. When prompted, paste your personal access token (PAT) and press Enter. The script will return a Base64-encoded version of your PAT, copy that value to use in the next step.
node -e "require('readline') .createInterface({input:process.stdin,output:process.stdout,historySize:0}) .question('PAT> ',p => { b64=Buffer.from(p.trim()).toString('base64');console.log(b64);process.exit(); })"
If you're using Linux or macOS, you can run the following command in your terminal to convert your personal access token (PAT) to a Base64-encoded string. Copy the resulting value to use in the next step.
echo -n "YOUR_PERSONAL_ACCESS-TOKEN" | base64
Replace the placeholders [BASE64_ENCODED_PERSONAL_ACCESS_TOKEN] in your user-level .npmrc file with the Base64-encoded personal access token you generated in the previous step.
Sign in to your Azure DevOps collection, and then navigate to your project.
Select Artifacts, select your feed from the dropdown menu, and then select Connect to Feed.
Select npm from the left, and then follow the steps in the Project setup section to configure your .npmrc. file and authenticate with your feed.
Sign in to your Azure DevOps collection, and then navigate to your project.
Select Artifacts, and then select your feed from the dropdown menu.
Select Connect to Feed and then select npm from the left navigation pane.
Add a .npmrc file in your project's directory, in the same directory as your package.json file, and paste the snippet provided in the Project setup section into your .npmrc file. Your file should look similar to the following:
registry=http://<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/
always-auth=true
Setup credentials
Copy the following snippet and paste it into your user-level .npmrc file:
Collection-scoped feed:
; begin auth token
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/registry/:username=DefaultCollection
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/registry/:email=npm requires email to be set but doesn't use the value
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/:username=DefaultCollection
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/:email=npm requires email to be set but doesn't use the value
; end auth token
Project-scoped feed:
; begin auth token
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/:username=[ENTER_ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/:email=npm requires email to be set but doesn't use the value
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/:username=[ENTER_ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/:email=npm requires email to be set but doesn't use the value
; end auth token
Generate a personal access token with packaging read and write scopes.
Run the following command in a command prompt window. When prompted, paste your personal access token and press Enter. The script will return a Base64-encoded version of your PAT, copy that value to use in the next step.
node -e "require('readline') .createInterface({input:process.stdin,output:process.stdout,historySize:0}) .question('PAT> ',p => { b64=Buffer.from(p.trim()).toString('base64');console.log(b64);process.exit(); })"
Replace the placeholders [BASE64_ENCODED_PERSONAL_ACCESS_TOKEN] in your user-level .npmrc file with the Base64-encoded personal access token you generated in the previous step.
Sign in to your Azure DevOps collection, and then navigate to your project.
Select Artifacts, and then select Connect to feed.
Select npm from the left, and then follow the steps in the Project setup section to configure your .npmrc. file and authenticate with your feed.
Sign in to your Azure DevOps collection, and then navigate to your project.
Select Artifacts, and then select your feed from the dropdown menu.
Select Connect to Feed and then select npm from the left navigation pane.
Add a .npmrc file in your project's directory, in the same directory as your package.json file, and paste the snippet provided in the Project setup section into your .npmrc file. Your file should look similar to the following:
registry=http://<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/
always-auth=true
Note
For Debian, Ubuntu, and other community or enterprise distributions such as Fedora or Redhat make sure you've installed the prerequisites from the NodeSource distributions repository.
Setup credentials
Copy the following snippet and paste it into your user-level .npmrc file:
Collection-scoped feed:
; begin auth token
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/registry/:username=DefaultCollection
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/registry/:email=npm requires email to be set but doesn't use the value
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/:username=DefaultCollection
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//<SERVER_NAME>/<COLLECTION_NAME>/_packaging/<FEED_NAME>/npm/:email=npm requires email to be set but doesn't use the value
; end auth token
Project-scoped feed:
; begin auth token
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/:username=[ENTER_ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/registry/:email=npm requires email to be set but doesn't use the value
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/:username=[ENTER_ANY_VALUE_BUT_NOT_AN_EMPTY_STRING]
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//<SERVER_NAME>/<COLLECTION_NAME>/<PROJECT_NAME>/_packaging/<FEED_NAME>/npm/:email=npm requires email to be set but doesn't use the value
; end auth token
Generate a personal access token with packaging read and write scopes.
Run the following command in a command prompt window. When prompted, paste your personal access token and press Enter. The script will return a Base64-encoded version of your PAT, copy that value to use in the next step.
node -e "require('readline') .createInterface({input:process.stdin,output:process.stdout,historySize:0}) .question('PAT> ',p => { b64=Buffer.from(p.trim()).toString('base64');console.log(b64);process.exit(); })"
Replace the placeholders [BASE64_ENCODED_PERSONAL_ACCESS_TOKEN] in your user-level .npmrc file with the Base64-encoded personal access token you generated in the previous step.
Related content