NPM insists on CodeArtifact, even on public registry

Question

I'm using npmrc to setup my corporate (using CodeArtifact) and public (using registry.npmjs.org) NPM registries.

The problem is that, even with the public profile selected, I keep getting an error that the authentication to CodeArtifact is missing. The only way to get rid of this is authenticating on CodeArtifact, which causes the auth token to be set to both profiles. After that, regardless the profile selected, both uses CodeArtifact as a registry.

I tried extreme measures and deleted all my profiles and create a single one set to registry.npmjs.org. Still, NPM (and Yarn) complain about missing auth to CodeArtifact.

Any ideas?

Answer 1

Assuming you are using aws codeartifact login --tool npm --repository my-repo --domain my-domain to login into aws you should use a more granular approach use the following commands:

# get endpoint 
endpoint = aws codeartifact get-repository-endpoint --domain my_domain --domain-owner 111122223333 --repository my_repo --format npm

# set a scoped registry
npm config set registry endpoint --scope=@my-package <- this is what you want

# get token
token = aws codeartifact get-authorization-token --domain my_domain --domain-owner 111122223333 --repository my_repo

# set token
npm config set //my_domain-111122223333.d.codeartifact.region.amazonaws.com/npm/my_repo/:_authToken=token

# always truth
npm config set //my_domain-111122223333.d.codeartifact.region.amazonaws.com/npm/my_repo/:always-auth=true

These commands are a deconstruction of aws codeartifact login --tool npm --repository my-repo --domain my-domain (more info), with the difference that instead of setting a general registry at your .npmrc file (used to set configurations for your npm) will set a scoped registry (more info). In this way you will be able to have you fetch your packages from the sources you want. In your case have access to registry.npmjs.org without being asked for auth.

Answer 2

Here is an enhanced solution as used in my bash script:

#!/bin/bash

COMPANY=my_company
REPOSITORY_NAME=my_repository

ACCOUNT_NO=$(aws sts get-caller-identity --query "Account" --output text)
ENDPOINT=$(aws codeartifact get-repository-endpoint --domain $COMPANY --domain-owner $ACCOUNT_NO --repository $REPOSITORY_NAME --format npm --output text)
TOKEN=$(aws codeartifact get-authorization-token --domain $COMPANY --domain-owner $ACCOUNT_NO --duration-seconds 43200 --query authorizationToken --output text)
npm config set @$COMPANY:registry $ENDPOINT
npm config set ${ENDPOINT:6}:_authToken=$TOKEN
npm config set ${ENDPOINT:6}:always-auth=true

I viewed the output of npm config list and it looks as if it was set up manually.

I tested and was able to download the private test (from CodeArtifact) and the totally public cypress:

npm install @my_company/test
npm install @my_company/[email protected]
npm install cypress