Skip to content

An example of publishing a private Node package to a private npm registry hosted by Keygen

Notifications You must be signed in to change notification settings

keygen-sh/example-private-npm-package

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Publishing a private npm module to Keygen

See blog post: https://keygen.sh/blog/how-to-license-and-distribute-commercial-node-modules/

Configuration

First up, configure a couple environment variables. The values below are for our demo account, which can be used in this example.

# Your Keygen product API token
export KEYGEN_PRODUCT_TOKEN="prod-xxx"

# Your Keygen account ID
export KEYGEN_ACCOUNT_ID="1fddcec8-8dd3-4d8d-9b16-215cac0f9b52"

# Your Keygen product ID
export KEYGEN_PRODUCT_ID="028e670a-9cc7-4dd2-af9e-78af5ccaf27f"

These environment variables will be used for creating new releases and uploading artifacts to the distribution API. All releases created will be for KEYGEN_PRODUCT_ID.

Publishing the module

To package and publish the module to Keygen, run the publish script:

npm run publish

This will perform the following, using the version set in package.json:

  1. Package the module into a tarball using npm pack
  2. Upload the tarball artifact to Keygen
  3. Update the npm manifest artifact

Using the registry

To use Keygen as a private npm registry, we'll need to configure npm to retrieve modules under the @demo scope from Keygen. You should change demo to whatever your account identifier is.

npm config set @demo:registry 'https://api.keygen.sh/v1/accounts/demo/artifacts/'
npm config set "//api.keygen.sh/v1/accounts/demo/artifacts/:_authToken" "$KEYGEN_TOKEN"

For example, KEYGEN_TOKEN could be a license token for an end-user.

Avoiding hardcoding tokens in .npmrc

If you'd rather not store your token in your global .npmrc, you can also tell npm to pull the token from an env variable. For example, this would pull the token from a KEYGEN_TOKEN env var: (note single quotes)

npm config set @demo:registry 'https://api.keygen.sh/v1/accounts/demo/artifacts/'
npm config set '//api.keygen.sh/v1/accounts/demo/artifacts/:_authToken=${KEYGEN_TOKEN}'

Project-specific .npmrc for CI/CD

Use a project-specific .npmrc file with a variable for your token to securely authenticate your CI/CD server. Project-specific .npmrc files can be safely checked into version control, since the token is not hardcoded:

@demo:registry=https://api.keygen.sh/v1/accounts/demo/artifacts/
//api.keygen.sh/v1/accounts/demo/artifacts/:_authToken=${KEYGEN_TOKEN}

Installing the module

Next, we can install the module, which npm should retrieve from Keygen:

npm install -g @demo/hello-world