Some package providers and organizations host packages on private package registries that require authentication to access.
If you’re a consumer or an organization member trying to access a scoped registry that requires authentication, you must configure your Package Manager user configuration file with npm authentication.
To set this access up:
The process of creating and accessing an npm authentication token is different for each registry provider. For example, JFrog’s Artifactory repository manager uses a different procedure to generate the authentication token from npm. This is an example of a typical procedure, but you need to follow the process recommended by the specific package registry provider for your scoped registry.
To fetch an authentication token from npm:
Install npm locally on your computer.
From a terminal, enter the following command to log in to the registry, replacing <registry url> with the URL of the registry server:
$ npm login --registry <registry url>
Locate and open the generated .npmrc file.
Locate either the _authToken or the _auth entry and copy its value (refer to the example that follows).
Depending on the registry, the token string can be a globally unique identifier (GUID), a token, or a proprietary-formatted string.
This is an example of an .npmrc file containing an _authToken attribute:
registry=https://example.com:1234/mylocation/
//example.com:1234/mylocation/:_authToken=<AUTH TOKEN>
This is an example of an .npmrc file containing an_auth attribute:
registry=https://example.com:1234/mylocation
_auth=<AUTH TOKEN>
email=<EMAIL>
always-auth=true
Store your token information for each scoped registry that requires authentication in the .upmconfig.toml user configuration file using the npmAuth configuration schema.
After you save this information to the configuration file, Package Manager will provide your authentication information on every request made to each registry in the file.
Follow these instructions to add your authentication information to the user configuration file:
Locate the .upmconfig.toml user configuration file. If the file doesn’t exist, create an empty text file.
Format your authentication information using a schema, depending on whether you’re using a Bearer (token-based) or Basic (Base64-encrypted) authentication mechanism.
[npmAuth."<REGISTRY URL>"]
<TOKEN-PROPERTY> = "<TOKEN-VALUE>"
email = "<EMAIL>"
alwaysAuth = <BOOLEAN>
The information in the following table explains how to specify the configuration file values:
| Entry | Description |
|---|---|
[npmAuth."<REGISTRY-URL>"] |
Required. URL of the registry. For example, [npmAuth."https://example.com:8081/mylocation"]. |
<TOKEN-PROPERTY> = "<TOKEN-VALUE>" |
Required. The authentication token generated from the npm registry. This can be a GUID, a token, or a proprietary-formatted string. For example, this can be either token = "<AUTH TOKEN>" (Bearer) or _auth = "<BASE64 TOKEN>" (Basic). |
| Optional. Email address for the user matching the user’s email on the registry. | |
| alwaysAuth | Optional. Set to true if the package metadata and tarballs aren’t located on the same server. Typically, you can copy the value from the .npmrc file you generated. |
[npmAuth."http://localhost:8081/myrepository/mylocation"]
token = "NpmToken.2348c7ea-6f86-3dbe-86b6-f257e86569a8"
alwaysAuth = true
[npmAuth."http://localhost:4873"]
token = "eaJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyZWFsX2dyb3VwcyI6WyJwYXNjYWxsIl0sIm5hbWUiOiJwYXNjYWxsIiwiZ3JvdXBzIjpbIn"
[npmAuth."https://api.bintray.example/npm/mycompany/myregistry"]
token = "aGFzY2FsbDo4ZWIwNTM5NzBjNTI3OTIwYjQ4MDVkYzY2YWEzNmQxOTkyNDYzZjky"
email = "username@example.com"
alwaysAuth = true
These steps use Azure DevOps as an example, but the process is similar for any platform that uses a personal access token (PAT).
Before you begin, install Node.js if it’s not already installed.
Get your Azure DevOps personal access token (PAT), and have it ready for a later step. If you need to regenerate your PAT, log in to Azure DevOps (https://dev.azure.com) and go to User settings > Personal access tokens. For information about using PATs, refer to the Microsoft article, Use personal access tokens.
From a command line, run the following command:
node -e "require('readline').createInterface({input:process.stdin,output:process.stdout,historySize:0}).question('Enter PAT> ',p => {b64=Buffer.from(p.trim()).toString('base64');console.log(b64);process.exit();})"
At the Enter PAT prompt, type email:PAT, replacing:
email with the email associated with your Azure DevOps account and the email specified in the .upmconfig.toml filePAT with your PAT from the earlier stepThe command returns a Base64-encrypted string. Copy that string and assign it as the value for the _auth key in the .upmconfig.toml file.
[npmAuth."http://localhost:8081/myrepository/mylocation"]
_auth = "c19kaW5pcm9AaG90bWFpbC4jb206d3FzdzVhemU9Q=="
email = "username@example.com"
alwaysAuth = true
Did you find this page useful? Please give it a rating:
Thanks for rating this page!
What kind of problem would you like to report?
Thanks for letting us know! This page has been marked for review based on your feedback.
If you have time, you can provide more information to help us fix the problem faster.
Provide more information
You've told us this page needs code samples. If you'd like to help us further, you could provide a code sample, or tell us about what kind of code sample you'd like to see:
You've told us there are code samples on this page which don't work. If you know how to fix it, or have something better we could use instead, please let us know:
You've told us there is information missing from this page. Please tell us more about what's missing:
You've told us there is incorrect information on this page. If you know what we should change to make it correct, please tell us:
You've told us this page has unclear or confusing information. Please tell us more about what you found unclear or confusing, or let us know how we could make it clearer:
You've told us there is a spelling or grammar error on this page. Please tell us what's wrong:
You've told us this page has a problem. Please tell us more about what's wrong:
Thank you for helping to make the Unity documentation better!
Your feedback has been submitted as a ticket for our documentation team to review.
We are not able to reply to every ticket submitted.