npm-adduser

Create a new user in the specified registry and save credentials to .npmrc

$ npm adduser --registry [registry_url]

$ npm login --scope [@mycorp] --registry [https://registry.mycorp.com]

$ npm logout --scope [@mycorp]

$ npm init --scope [@foo] [[-y|--yes]]

npm adduser [--registry=] [--scope=] [--always-auth]

--registry=
    Specifies the registry URL to use for adding the user. Defaults to the configured registry URL (usually `https://registry.npmjs.org/`).

--scope=
    Associates the new user and credentials with a specific scope. This is used when publishing scoped packages to a private registry. Example: `--scope=@my-company`.

--always-auth
    Forces npm to always require authentication when accessing the specified registry. Useful when working with private registries.

--auth-type=
    Type of authentication to use, defaults to 'legacy'. Valid values are 'legacy', 'saml', 'oauth'. Deprecated

The `npm adduser` command is used to create or update user credentials for the npm registry. It prompts the user for a username, password, and email address, which are then securely stored in the npm configuration. This command allows users to publish and manage packages on the npm registry.

It supports different authentication methods based on the npm registry URL being used. For example, using it with a private registry might require a token instead of a password. The credentials used are stored in the user's `.npmrc` file, which npm uses to authenticate subsequent commands like `npm publish` and `npm install` with private packages. Note that passwords entered are never stored plaintext in the .npmrc, but instead are encrypted or represented with tokens. The npm CLI uses a credential helper to assist with secure password and token storage.

Credentials are stored in the `.npmrc` file and should be protected appropriately. Using environment variables to configure the username and password may expose them. When using with third party registries it's vital to double check domain ownership to ensure the correct registry is used. 2FA should be enabled when available.

The `npm adduser` command handles authentication with the npm registry or a private registry. It uses the provided credentials to generate an authentication token or store encrypted credentials in the `.npmrc` file. Subsequent npm commands use these credentials to authenticate with the registry. Ensure the registry supports the authentication method being used (e.g., basic authentication, token-based authentication).

The auth token is used in the authorization header with the 'Bearer ' prefix. When working with legacy registries, it may use the '_authToken' key in the .npmrc file.

The `--scope` parameter allows you to associate the created user with a specific scope, typically used for publishing scoped packages (`@scope/package-name`) to private npm registries. This enables fine-grained control over package visibility and access.

npm login(1), npm publish(1), npm config(1), npm whoami(1)