Authentication Settings
The settings on this page contain sensitive credentials and are stored in INI-formatted files. Do not commit these files to your repository.
For non-sensitive settings (proxy, SSL, registries, etc.), see Settings (pnpm-workspace.yaml).
Auth file locations
pnpm reads authentication settings from the following files, in order of priority (highest first):
<workspace root>/.npmrc— project-level auth. This file should be listed in.gitignore.<pnpm config>/auth.ini— the primary user-level auth file.pnpm loginwrites tokens here.~/.npmrc— read as a fallback for easier migration from npm. Use thenpmrcAuthFilesetting to point to a different file.
The <pnpm config> directory is:
- If the $XDG_CONFIG_HOME env variable is set: $XDG_CONFIG_HOME/pnpm/
- On Windows: ~/AppData/Local/pnpm/config/
- On macOS: ~/Library/Preferences/pnpm/
- On Linux: ~/.config/pnpm/
Authentication Settings
<URL>:_authToken
Define the authentication bearer token to use when accessing the specified registry. 例如:
//registry.npmjs.org/:_authToken=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
您也可以使用環境變量。 例如:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
<URL>:tokenHelper
A token helper is an executable which outputs an auth token. This can be used in situations where the authToken is not a constant value but is something that refreshes regularly, where a script or other tool can use an existing refresh token to obtain a new access token.
The configuration for the path to the helper must be an absolute path, with no arguments. In order to be secure, it is only permitted to set this value in the user .npmrc. Otherwise a project could place a value in a project's local .npmrc and run arbitrary executables.
Setting a token helper for the default registry:
tokenHelper=/home/ivan/token-generator
Setting a token helper for the specified registry:
//registry.corp.com:tokenHelper=/home/ivan/token-generator
Certificate Settings
ca
- 預設值:npm CA 憑證
- 類型:String (字符串)、陣列或 null
The Certificate Authority signing certificate that is trusted for SSL connections to the registry. 值應採用 PEM 格式 (也就是「Base-64 編碼的 X.509 (.CER)」)。 例如:
ca="-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----"
Set to null to only allow known registrars, or to a specific CA cert to trust only that specific signing authority.
Multiple CAs can be trusted by specifying an array of certificates:
ca[]="..."
ca[]="..."
See also the strictSsl setting.
cafile
- 預設值:null
- 類型:path
A path to a file containing one or multiple Certificate Authority signing certificates. Similar to the ca setting, but allows for multiple CAs, as well as for the CA information to be stored in a file instead of being specified via CLI.
<URL>:cafile
Define the path to a Certificate Authority file to use when accessing the specified registry. 例如:
//registry.npmjs.org/:cafile=ca-cert.pem
<URL>:ca
Added in: v10.25.0
Define an inline Certificate Authority certificate for the specified registry. The value must be PEM-encoded, like the global ca setting, but it only applies to the matching registry URL.
//registry.example.com/:ca=-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----
cert
- 預設值:null
- Type: String
A client certificate to pass when accessing the registry. Values should be in PEM format (AKA "Base-64 encoded X.509 (.CER)"). 範例:
cert="-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----"
It is not the path to a certificate file.
<URL>:cert
Added in: v10.25.0
Define an inline client certificate to use when accessing the specified registry. 例如:
//registry.example.com/:cert=-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----
<URL>:certfile
Define the path to a certificate file to use when accessing the specified registry. 範例:
//registry.npmjs.org/:certfile=server-cert.pem
key
- 預設值:null
- Type: String
A client key to pass when accessing the registry. Values should be in PEM format (AKA "Base-64 encoded X.509 (.CER)"). 範例:
key="-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----"
It is not the path to a key file. Use <URL>:keyfile if you need to reference the file system instead of inlining the key.
This setting contains sensitive information. Don't write it to a local .npmrc file committed to the repository.
<URL>:key
Added in: v10.25.0
Define an inline client key for the specified registry URL.
//registry.example.com/:key=-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----
<URL>:keyfile
Define the path to a client key file to use when accessing the specified registry. 範例:
//registry.npmjs.org/:keyfile=server-key.pem