Authentication utility for private NPM registries hosted in Azure DevOps.
Last updated 2 months ago by ybelval .
Apache-2.0 · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install azure-devops-npm-auth 
SYNC missed versions from official npm registry.


Uses the OAuth 2 device code flow to authenticate against the Azure DevOps artifact private registry.

Why? ????

Microsoft provides the vsts-npm-auth package for this task but sadly, it's not cross-platform and doesn't automatically handle token refresh.

There's also better-vsts-npm-auth which solves these issues but requires manual setup (not ideal for a dev team) and authentication through a web app, which in my opinion isn't the best flow to use in the command line.

The azure-devops-npm-auth solves all these problems mainly by using the OAuth 2 device code flow. Once authenticated, access and refresh tokens are then stored in the user's personal .npmrc file, keeping them secure and out of any code repository.

Installation ????

Simply run npm i azure-devops-npm-auth --save-dev.

Usage ????‍♂️

First, add a pre-installation script to your package.json file like so:

  "scripts": {
    "preinstall": "azure-devops-npm-auth"

Then, setup the project repository in the .npmrc file as documented in the Azure DevOps npm feed connection page:

az devops npm feed connection

When installing packages using npm i, the preinstallation script will be executed and ask you to login using a device code:

az devops device code flow

Follow the instructions to login and authenticate npm to the Azure DevOps private feed. The following installation should be able to use the refresh token and automate the task of authenticating:

az devops device code refresh

Advanced Usage ????‍♂️

If you want to use your own Azure Active Directory application, it's possible to specify the client_id and tenant_id arguments:

  "scripts": {
    "preinstall": "azure-devops-npm-auth --client_id='xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' --tenant_id='xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'"

Note: If your Azure Active Directory application is configured to be multitenant, tenant_id can also be common (is the default; Work and school accounts or personal Microsoft accounts), consumers (personal Microsoft accounts) or organizations (work and school accounts).

When creating your own Azure Active Direction application, under the authentication section, you need the configure it to be a public application:

aad public app

You also need to add the required API permissions to have 'Azure DevOps user_impersonation' and 'Microsoft Graph User.Read':

aad api permissions

Continuous integration

To disable authentication within CI environments add the --ci flag which skips authentication when the TF_BUILD environment variable is set (which is automatically set in Azure DevOps build pipelines):

  "scripts": {
    "preinstall": "azure-devops-npm-auth --ci"

It's also possible to specify a custom environment variable:

  "scripts": {
    "preinstall": "azure-devops-npm-auth --ci=MY_CUSTOM_VARIABLE"

Special Thanks ????

I have to give thanks to the author(s) of better-vsts-npm-auth which was a big inspiration of mine for this project. Also, thanks to openid-client for simplifying the process of integrating the OAuth device code flow to the code.

License ????‍⚖️

Copyright © 2019, GSoft inc. This code is licensed under the Apache License, Version 2.0. You may obtain a copy of this license at

Current Tags

  • 1.0.7                                ...           latest (2 months ago)

11 Versions

  • 1.0.7                                ...           2 months ago
  • 1.0.6                                ...           4 months ago
  • 1.0.5                                ...           5 months ago
  • 1.0.4                                ...           5 months ago
  • 1.0.3                                ...           10 months ago
  • 1.0.2                                ...           10 months ago
  • 1.0.1                                ...           10 months ago
  • 1.0.0                                ...           10 months ago
  • 0.1.2                                ...           10 months ago
  • 0.1.1                                ...           10 months ago
  • 0.1.0                                ...           10 months ago
Maintainers (1)
Today 0
This Week 0
This Month 1
Last Day 0
Last Week 1
Last Month 0
Dependencies (7)
Dev Dependencies (7)
Dependents (0)

Copyright 2014 - 2016 © |