Configure npm registry via .npmrc

Mostly a note for me: I’ve done a quick test and it seems that npm info doesn’t respect packageJson.publishConfig.registry - which makes this very inconvenient for us because we can’t simply rely on calling npm info either way. Maybe we can use --registry only when packageJson.publishConfig.registry is defined and delegate figuring out the correct registry to npm in all other cases.

Probably the easiest way to fix this would be to update the code that looks up the correct registry to pass to the --registry flag to check for 4 places

My current thinking is that we should just avoid using --registry as much as possible and I will experiment with that. When done right it feels like it really should yield the best results without us reimplementing a whole bunch of stuff that is a little bit tricky to get 100% right from the start

npm won’t use the NPM_TOKEN environment variable, since that is for the default registry

Do you simply refer to the NPM_TOKEN used by our GitHub action since we only set it up in .npmrc for the default registry or are you referring to a broader standard? in other words - Is NPM_TOKEN used by npm itself anyhow?

@hayes thank you once again for the detailed write up about this issue. This has helped me to understand the complexity involved here much better. I’m currently working on improving the compatibility with publishing using pnpm and yarn - when I land this work I will be looking into fixing this one as it’s a very important feature that is not working correctly right now. I have very limited time resources though - so it won’t happen over night, please bear with me 😉

I have no idea how to use this. When this gets picked up over registry?

I think this should get used any time you install OR publish a package from that scope

What you wrote above looks like it matches my understanding