Configuring npm
How to configure the npm package manager
This page explains how to configure the npm package manager to pull packages from the Seal artifact server based on your existing setup.
Make sure you have the access token for the server ready.
The npm configuration is saved in .npmrc files, which can be global, per-user and per-project. We recommend using a per-project setup, which you can do by creating or editing the .npmrc file in the project's root.
Our goal is to replace as your default registry with . The configuration file may still refer to other registries for privately scoped packages.
We want the .npmrc file to look like this:
Replace $PROJECT_ID with the name of your project. This value will later be used in the reporting to indicate which project pulled which vulnerable package.
Replace $TOKEN_IN_BASE64 with the base64 value of the access token. To encode the token in base64 you can use echo -n "$TOKEN" | base64 on macOS or echo -n "$TOKEN" | base64 -w0 on Ubuntu.
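The -n and -w0 flags matter because a trailing newline or a wrapped line changes the encoded value and authentication then fails. The script below is an added example, not part of Seal's documentation: it encodes a token the same way on macOS and Linux and checks the result. SAMPLE_TOKEN is a constructed value and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: newline-safe base64 encoding of a registry token.
# SAMPLE_TOKEN is constructed for illustration; it is not a real credential.
SAMPLE_TOKEN='constructed-sample-token-0123456789-abcdefghijklmnopqrstuvwxyz-ABCDEFGH'
NL='
'

# printf '%s' never appends a newline (echo -n is not portable across shells),
# and tr removes the 76-column wrapping GNU base64 applies without -w0.
encode_token() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# What happens when -n and -w0 are forgotten: the newline is encoded too,
# and GNU base64 splits long values over several lines.
naive_encode() {
  echo "$1" | base64
}

# verify_encoding TOKEN ENCODED: succeed only if ENCODED is one line that
# decodes to TOKEN byte for byte. The trailing "x" keeps the shell from
# stripping a decoded newline. (Some older macOS releases spell -d as -D.)
verify_encoding() {
  case "$2" in
    *"$NL"*) return 1 ;;
  esac
  _decoded="$(printf '%s' "$2" | base64 -d 2>/dev/null; printf x)"
  [ "${_decoded%x}" = "$1" ]
}

# Demo on the constructed token.
good="$(encode_token "$SAMPLE_TOKEN")"
bad="$(naive_encode "$SAMPLE_TOKEN")"
verify_encoding "$SAMPLE_TOKEN" "$good" && echo "printf pipeline: safe to paste"
verify_encoding "$SAMPLE_TOKEN" "$bad" || echo "plain echo: rejected"
```

Base64 is an encoding, not encryption, so the encoded value is as sensitive as the token itself and the .npmrc holding it should be protected accordingly.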
Now that the configuration is complete, you can run the following command to verify the authentication and authorization are working properly:
The output should look like this:
Go to JFrog's Artifactory configuration and create a new remote npm repository.
In the Basic configuration, choose whatever Repository Key you like.
Set https://npm.sealsecurity.io as the URL.
In the User Name field use jfrog.
In the Password / Access Token field paste the token you created earlier.
Click the Test button. This will test whether the connection and authentication to the Seal artifact server is configured properly.
Save the new repository, and set it as the top priority remote repository in the virtual repository you're using.