Overview
If your project depends on packages from a private npm registry, you can provide a custom.npmrc that Stably writes to the repository root before dependency installation in cloud agent sessions.
The .npmrc supports ${VAR_NAME} substitution — reference tokens stored as environment variables instead of hardcoding secrets. The resolved content is never logged.
All major package managers (npm, pnpm, yarn, bun) respect the project-level .npmrc.
Configuration
When linking your repository in the Stably dashboard, paste your.npmrc content into the .npmrc text area, using ${VAR_NAME} placeholders for secrets.
Stably provides built-in templates for common registries:
| Registry | Template |
|---|---|
| npm | //registry.npmjs.org/:_authToken=${NPM_TOKEN} |
| GitHub Packages | @scope:registry=https://npm.pkg.github.com + //npm.pkg.github.com/:_authToken=${GITHUB_TOKEN} |
| Sonatype Nexus | @scope:registry=https://nexus.example.com/repository/npm-private/ + //nexus.example.com/repository/npm-private/:_authToken=${NEXUS_TOKEN} |
@scope with your npm scope (e.g., @mycompany).
Example: GitHub Packages with a PAT
1. Create a GitHub Personal Access Token
Go to github.com/settings/tokens, generate a classic token with theread:packages scope, and copy it.
2. Store the token in Stably
In the Stably dashboard, go to Environments, select your environment, and add a variable namedGH_PAT with the token as the value. Mark it as Sensitive.
3. Configure the .npmrc
In your repository settings, paste into the.npmrc text area:
@your-org with your GitHub organization or username scope.
When a cloud session starts, Stably resolves ${GH_PAT} from your environment, writes the .npmrc, and your package manager authenticates with GitHub Packages during install.
Related
Environments
Create and manage environment variables for your projects
Setup Script
Run custom scripts during cloud session initialization