diff --git a/docs/faq.md b/docs/faq.md index eb4cde9af702a66a76c3271b3429170470931777..15eeaffafda834f5bc87c31a96834edb15f5e859 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -21,6 +21,15 @@ Renovate will: Set configuration option `autodiscover` to `true`, via CLI, environment, or configuration file. Obviously it's too late to set it in any `renovate.json` or `package.json`. +### Support private npm modules + +If you are running your own Renovate instance, then the easiest way to support private modules is to make sure the appropriate credentials are in `~/.npmrc`; + +If you are using hosted Renovate instance, and your repository `package.json` includes private modules, then you can: + +1. Commit an `.npmrc` file to the repository, and Renovate will use this, or +2. If using the [GitHub App hosted service](https://github.com/apps/renovate), authorize the npm user named "renovate" with read-only access to the relevant modules. This "renovate" account is used solely for the purpose of the renovate GitHub App. + ### Control renovate's schedule Renovate itself will run as often as its administrator has configured it (e.g. hourly, daily, etc). But you may wish to update certain repositories less often, or even specific packages at a different schedule. diff --git a/lib/api/npm.js b/lib/api/npm.js index 4c27b2a4dd05b27aaa86629803398e876415c6cc..c74d63baa442dad279a67237a52feb14b4924403 100644 --- a/lib/api/npm.js +++ b/lib/api/npm.js @@ -36,6 +36,8 @@ async function getDependency(name, logger) { if (authInfo) { headers.authorization = `${authInfo.type} ${authInfo.token}`; + } else if (process.env.NPM_TOKEN) { + headers.authorization = `Bearer ${process.env.NPM_TOKEN}`; } // Cache based on combinatino of package URL and headers diff --git a/test/api/__snapshots__/npm.spec.js.snap b/test/api/__snapshots__/npm.spec.js.snap index fa8ed1ca6b27cb0c87b3f38ae0ac1d0fbf55f377..6a180eed7ae7ac4853cf88534c36574ea01bf958 100644 --- a/test/api/__snapshots__/npm.spec.js.snap +++ b/test/api/__snapshots__/npm.spec.js.snap @@ -46,6 +46,30 @@ Array [ ] `; +exports[`api/npm should use NPM_TOKEN if provided 1`] = ` +Object { + "dist-tags": undefined, + "homepage": "https://google.com", + "name": undefined, + "repositoryUrl": "https://google.com", + "versions": Object { + "0.0.1": Object {}, + }, +} +`; + +exports[`api/npm should use NPM_TOKEN if provided 2`] = ` +Array [ + "https://npm.mycustomregistry.com/foobar", + Object { + "headers": Object { + "authorization": "Bearer some-token", + }, + "json": true, + }, +] +`; + exports[`api/npm should use homepage 1`] = ` Object { "dist-tags": undefined, diff --git a/test/api/npm.spec.js b/test/api/npm.spec.js index 7ab26bebaf48185401532b92f4c7f6b70f5f7703..6cf7eabbb9ab2091982480866885b3318579c631 100644 --- a/test/api/npm.spec.js +++ b/test/api/npm.spec.js @@ -74,6 +74,17 @@ describe('api/npm', () => { const call = got.mock.calls[0]; expect(call).toMatchSnapshot(); }); + it('should use NPM_TOKEN if provided', async () => { + registryUrl.mockImplementation(() => 'https://npm.mycustomregistry.com/'); + got.mockImplementation(() => Promise.resolve(npmResponse)); + const oldToken = process.env.NPM_TOKEN; + process.env.NPM_TOKEN = 'some-token'; + const res = await npm.getDependency('foobar', logger); + process.env.NPM_TOKEN = oldToken; + expect(res).toMatchSnapshot(); + const call = got.mock.calls[0]; + expect(call).toMatchSnapshot(); + }); it('sets .npmrc', () => { npm.setNpmrc('input'); });