My project has an .npmrc located in its root, which contains the infamous ${NPM_TOKEN} hack and is required for CI, Staging, Production, etc.
In order to work around this reality, I’d like for developers to be able to tell npm to use an alternative .npmrc, which contains their _authToken, when installing dependencies. Something like, npm install . --npmrc=~/.npmrc. This would prevent them from having to pollute their system’s environment variables, .bash_profile, etc.
Is this currently possible? (Doesn’t seem so…) If not, are there any reasons why such an approach either wouldn’t be possible (highly unlikely) or wouldn’t be considered by the NPM team?
Advertisement
Answer
As luck would have it, this option already exists and can be used like so:
npm install . --userconfig=~/.npmrc