It has been a while since NPMnpm is a software registry that serves over 1.3 million packages. npm is used by open source developers from all around the world to share and borrow code, as well as many businesses. There are three components to npm: the website the Command Line Interface (CLI) the registry Use the website to discover and download packages, create user profiles, and... had announced support for private modules – still, to make it with Docker you need some work to do. In this quick tip, you can learn how to use private Node.jsNode.js is an asynchronous event-driven JavaScript runtime and is the most effective when building scalable network applications. Node.js is free of locks, so there's no chance to dead-lock any process. modules with Docker.
During this guide I am going to use the RisingStack Alpine Node.js Docker image.
Setting up the Dockerfile
Let’s start with the following simple Dockerfile
:
It doesn’t do anything extraordinary, just grabs the Alpine image, copies over the package.json
file, installs the dependencies, copies the source files and starts the process.
Adding the NPM token
To access the private modules in NPM, we need to pass the NPM_TOKEN
environment variable to the Docker image.
The naive approach would be to add it using the ENV
:
ENV NPM_TOKEN=token
However, it does not work. The variables set with ENV
are for runtime only.
Luckily since Docker v1.9 there is a new flag available for passing in build-time environment variables: the --build-arg
. To make it work we have to modify our Dockerfile:
Note a couple of changes:
ARG
: with this we can tell Docker, that we will use theNPM_TOKEN
build argumentCOPY .npmrc
: using this line we add an.npmrc
file to the project. Its content://registry.npmjs.org/:_authToken=${NPM_TOKEN}
rm -f .npmrc
: simply remove the.npmrc
file afternpm install
is done
To build the image using this image and the token, you can run Docker:
docker build --build-arg NPM_TOKEN=${NPM_TOKEN} .
One thing to keep in mind: even if you delete the
.npmrc
it will be kept in the commit history – to clean your secret entirely up make sure to squash them.
Let me know if you have any questions or comments.