Wednesday 8 November 2017

How do you manage npm tokens?

We have a private npm repository, hosted on npmjs.com. In order for CI users to install npm dependencies from our private repo, they need to have access to an npm token.

You can create a new token by running npm login, and then checking your .npmrc file. But how do you manage all the tokens you've created? I don't see any way to associate a token with an application/user.

And if I create tokens with my personal account credentials, what happens if I leave the company? Or say npm discloses some security leak, and we want to recreate all our tokens? How do we manage this?

Also, it looks like if a user changes their account password, all their npm tokens are wiped clean.

It seems like it would make more sense to have the CI user log in to npm on every build, so we don't need to hardcode the tokens. But I don't see any non-interactive way to log in.

Submitted November 08, 2017 at 06:05PM by edanschwartz
