npm-login

Log in to a registry user account and save the credentials to the .npmrc file

$ npm login

$ npm login --registry [registry_url]

$ npm login --auth-type [legacy|web]

npm login [--scope=@org] [--registry=] [--auth-type=legacy|saml|oauth] [--always-auth] [--cert ] [--key ] [--ca ] [--https-proxy ] [--otp ]

--scope=@org
    Associate the login with a specific organization. Only relevant for scoped packages.

--registry=
    Specify a custom registry URL to login to. Defaults to the official npm registry.

--auth-type=legacy|saml|oauth
    Specify the authentication type. Legacy is the default, saml and oauth are for enterprise registries.

--always-auth
    Force npm to always require authentication. Useful in CI environments where authentication is always needed.

--cert
    Path to the client certificate file.

--key
    Path to the client private key file.

--ca
    Path to the certificate authority file.

--https-proxy
    Specify an HTTPS proxy to use for the login process.

--otp
    Supply a one-time password from your authenticator if you have two-factor authentication enabled.

The `npm-login` command is used to authenticate with the npm registry. This authentication process stores credentials in your `~/.npmrc` file, allowing you to publish packages, install private packages, and perform other actions requiring authorization.

It securely prompts for your npm username, password, and email address (if needed), verifying them against the npm registry. Successful login grants access to your npm account. This command is typically part of a workflow for publishing and managing npm packages. It uses the credentials store, thus it is recommended to use `npm config set` for configuration purposes.

Credentials are stored in plaintext within the `.npmrc` file. Consider using more secure alternatives for storing secrets, especially in shared environments or CI/CD pipelines. Be aware of the potential security implications of storing credentials locally, and take appropriate measures to protect your `.npmrc` file.

While `npm-login` is convenient, consider using `npm config set` with environment variables or dedicated secret management tools for automated environments. These alternatives offer better security and flexibility.

Always be mindful of the security implications when storing credentials. Ensure your `.npmrc` file has appropriate permissions (e.g., `chmod 600 ~/.npmrc`) to prevent unauthorized access.

The `npm-login` command has been part of npm since its early versions, providing a straightforward way to authenticate with the npm registry. Its usage has evolved with the introduction of features like scoped packages and different authentication methods like SAML and OAuth.

npm-adduser(1), npm-logout(1), npm-config(1)