{"id":26287234,"url":"https://github.com/workleap/azure-devops-npm-auth","last_synced_at":"2025-05-07T17:49:38.596Z","repository":{"id":36942733,"uuid":"228750870","full_name":"workleap/azure-devops-npm-auth","owner":"workleap","description":"Uses the OAuth2 device code flow to authenticate against the Azure DevOps artifact private registry.","archived":false,"fork":false,"pushed_at":"2025-02-17T16:14:56.000Z","size":153,"stargazers_count":36,"open_issues_count":14,"forks_count":12,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-16T20:45:49.724Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/workleap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-12-18T03:33:39.000Z","updated_at":"2025-02-21T15:38:05.000Z","dependencies_parsed_at":"2025-02-18T15:52:44.067Z","dependency_job_id":"60b04c47-6733-422a-b0b8-6738c7103904","html_url":"https://github.com/workleap/azure-devops-npm-auth","commit_stats":{"total_commits":49,"total_committers":9,"mean_commits":5.444444444444445,"dds":0.5306122448979591,"last_synced_commit":"2271deb559f15fcaed6711a55937538a82b15e6d"},"previous_names":["workleap/azure-devops-npm-auth"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workleap%2Fazure-devops-npm-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workleap%2Fazure-devops-npm-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workleap%2Fazure-devops-npm-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workleap%2Fazure-devops-npm-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/workleap","download_url":"https://codeload.github.com/workleap/azure-devops-npm-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252931385,"owners_count":21827104,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-14T21:02:38.158Z","updated_at":"2025-05-07T17:49:38.577Z","avatar_url":"https://github.com/workleap.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# azure-devops-npm-auth\n\nUses the [OAuth 2 device code flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code) to authenticate against the Azure DevOps artifact private registry.\n\n## Why? 🤔\n\nMicrosoft provides the [vsts-npm-auth](https://www.npmjs.com/package/vsts-npm-auth) package for this task but sadly, it's not cross-platform and doesn't automatically handle token refresh.\n\nThere's also [better-vsts-npm-auth](https://www.npmjs.com/package/better-vsts-npm-auth) which solves these issues but requires manual setup (not ideal for a dev team) and authentication through a web app, which in my opinion isn't the best flow to use in the command line.\n\nThe **azure-devops-npm-auth** solves all these problems mainly by using the [OAuth 2 device code flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code).  Once authenticated, access and refresh tokens are then stored in the user's personal .npmrc file, keeping them secure and out of any code repository.\n\n## Installation 💪\n\nSimply run `npm i azure-devops-npm-auth --save-dev`.\n\n## Usage 🤷‍♂️\n\nFirst, add a pre-installation script to your `package.json` file like so:\n```javascript\n  \"scripts\": {\n    \"preinstall\": \"azure-devops-npm-auth\"\n    ...\n  },\n```\n\nThen, setup the project repository in the `.npmrc` file as documented in the Azure DevOps npm feed connection page:\n\n![az devops npm feed connection](https://i.imgur.com/M04u3i5.png)\n\nWhen installing packages using `npm i`, the preinstallation script will be executed and ask you to login using a device code:\n\n![az devops device code flow](https://i.imgur.com/aVYXRoO.png)\n\nFollow the instructions to login and authenticate npm to the Azure DevOps private feed.  The following installation should be able to use the **refresh token** and automate the task of authenticating:\n\n![az devops device code refresh](https://i.imgur.com/oC3YGHm.png)\n\n## Advanced Usage 🧙‍♂️\n\nIf you want to use your own Azure Active Directory application, it's possible to specify the `client_id` and `tenant_id` arguments:\n\n```javascript\n  \"scripts\": {\n    \"preinstall\": \"azure-devops-npm-auth --client_id='xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' --tenant_id='xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'\"\n    ...\n  },\n```\n\n*Note: If your Azure Active Directory application is configured to be multitenant, `tenant_id` can also be `common` (is the default; Work and school accounts or personal Microsoft accounts), `consumers` (personal Microsoft accounts) or `organizations` (work and school accounts)*.\n\nWhen creating your own Azure Active Direction application, under the authentication section, you need the configure it to be a public application:\n\n![aad public app](https://i.imgur.com/VeL9cGe.png)\n\nYou also need to add the required API permissions to have '`Azure DevOps user_impersonation`' and '`Microsoft Graph User.Read`':\n\n![aad api permissions](https://imgur.com/aVd51d0.png)\n\n### register-azure-devops-npm-auth.ps1\n\nTo automate the creation of the above AD app registration in *your* AD tenant:\n\n1. Ensure you have installed [azure-cli](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)\n2. Open a powershell core prompt (minimum version 6.1)\n3. Run `./register-azure-devops-npm-auth.ps1 -Login -InfA Continue`\n\nThis will open your default browser where you will need to login to Azure with credentials that has the Azure AD 'Global administrator' RBAC role\n\n### Continuous integration\n\nTo disable authentication within CI environments add the `--ci` flag which skips authentication when the `TF_BUILD` environment variable is set (which is automatically set in Azure DevOps build pipelines):\n```javascript\n  \"scripts\": {\n    \"preinstall\": \"azure-devops-npm-auth --ci\"\n    ...\n  },\n```\nIt's also possible to specify a custom environment variable:\n```javascript\n  \"scripts\": {\n    \"preinstall\": \"azure-devops-npm-auth --ci=MY_CUSTOM_VARIABLE\"\n    ...\n  },\n```\n\n### Project Base Path\n\nYou can pass in a path to customize the directory to look in for the project's .npmrc file. The default value is the current working directory:\n\n```javascript\n  \"scripts\": {\n    \"preinstall\": \"azure-devops-npm-auth --project_base_path=./configs\"\n    ...\n  },\n```\n\n*Note: this is the path to the directory that contains the .npmrc file, meaning you do **not** need to specify the .npmrc in the path.*\n\n## Special Thanks 👏\n\nI have to give thanks to the author(s) of [better-vsts-npm-auth](https://www.npmjs.com/package/better-vsts-npm-auth) which was a big inspiration of mine for this project.  Also, thanks to [openid-client](https://www.npmjs.com/package/openid-client) for simplifying the process of integrating the OAuth device code flow to the code.\n\n## License 👩‍⚖️\n\nCopyright © 2022, GSoft inc. This code is licensed under the Apache License, Version 2.0. You may obtain a copy of this license at https://github.com/gsoft-inc/gsoft-license/blob/master/LICENSE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fworkleap%2Fazure-devops-npm-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fworkleap%2Fazure-devops-npm-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fworkleap%2Fazure-devops-npm-auth/lists"}