I'm using Gem Fury for some of our private packages. I set the yarn registry to use their proxy for public and our private node modules:
yarn config set registry "https://npm-proxy.fury.io/$GEMFURY_TOKEN/username"
GEMFURY_TOKEN
is set in .bash
. yarn config get registry
produces:
https://npm-proxy.fury.io/$(GEMFURY_TOKEN)/username
When we run yarn
, the yarn.lock
file will generate this:
[email protected]:
version "0.1.0"
resolved "https://npm.fury.io/username/private-module/-/0.1.0.tgz?auth=<GEMFURY TOKEN>"
dependencies:
ember-cli-babel "^5.1.6"
[email protected]:
version "0.1.4"
resolved "https://npm.fury.io/username/private-module-2/-/0.1.4.tgz?auth=<GEMFURY TOKEN>"
dependencies:
ember-cli-babel "^5.1.6"
ember-inflector "^1.9.6"
I don't want private tokens in the git repository. Is there a way I can exclude the token from being added to the yarn.lock
file on generation?
Try to set up
npm
as described in Gem Fury documentation. The crucial parts are settingalways-auth
totrue
and usingnpm login
If this doesn't help then you can use
Git
pre-commit hooks that will remove credentials fromyarn.lock
when changes are commited toGit
repository.