Overview
If your project depends on packages from a private npm registry, you can provide a custom.npmrc that Stably writes to the repository root before dependency installation in cloud agent sessions.
The .npmrc supports ${VAR_NAME} substitution — reference tokens stored as environment variables instead of hardcoding secrets. The resolved content is never logged.
All major package managers (npm, pnpm, yarn, bun) respect the project-level .npmrc.
Configuration
When linking your repository in the Stably dashboard, paste your.npmrc content into the .npmrc text area, using ${VAR_NAME} placeholders for secrets.
Stably provides built-in templates for common registries:
| Registry | Template |
|---|---|
| npm | //registry.npmjs.org/:_authToken=${NPM_TOKEN} |
| GitHub Packages | @scope:registry=https://npm.pkg.github.com + //npm.pkg.github.com/:_authToken=${GITHUB_TOKEN} |
| Sonatype Nexus | @scope:registry=https://nexus.example.com/repository/npm-private/ + //nexus.example.com/repository/npm-private/:_authToken=${NEXUS_TOKEN} |
@scope with your npm scope (e.g., @mycompany).
Example: GitHub Packages with a PAT
1. Create a GitHub Personal Access Token
Go to github.com/settings/tokens, generate a classic token with theread:packages scope, and copy it.
2. Store the token in Stably
In the Stably dashboard, go to Environments, select your environment, and add a variable namedGH_PAT with the token as the value. Mark it as Sensitive.
3. Configure the .npmrc
In your repository settings, paste into the.npmrc text area:
@your-org with your GitHub organization or username scope.
When a cloud session starts, Stably resolves ${GH_PAT} from your environment, writes the .npmrc, and your package manager authenticates with GitHub Packages during install.