I need a module in my project to download a private npm package. To accomplish this, I am using a .npmrc file to supply a read-only token needed to download the package. To keep the token supplied by npm out of the file, I wish to add it as an environment variable and let it expand in the file. E.g:
# .npmrc
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
I can't figure out how to get that NPM_TOKEN added to the env before it is referenced for the install. I tried using an npm preinstall script:
"preinstall": "NPM_READ_ONLY_TOKEN=my_token_goes_here_foo_bar"**
But I still get the same error:
Error: Failed to replace env in config: ${NPM_READ_ONLY_TOKEN}
I tried testing with an echo command to see if preinstall runs before the .npmrc variable expansion, but it apparently does not. I would get the error and not see my echo log. I seem to be missing something here.
I'm aware that putting my token in package.json defeats the purpose of pulling the token out of the .npmrc file. I'm actually using a service that provides env config services that I would use to run a command and get the needed token. E.g. TOKEN=config_service_value.
