npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

azure-artifacts-auth-check

v0.1.5

Published

Azure DevOps npm authentication preflight and setup CLI

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

werenskjoldwerenskjold

Keywords

azureazure-devopsnpmartifactsauthentication

Readme

azure-artifacts-auth-check

Cross-platform CLI for authenticating Azure DevOps Artifacts npm feeds.

  • Windows: Wrapper for vsts-npm-auth that uses native Windows authentication and Credential Manager
  • macOS/Linux: Manual PAT-based authentication with guided setup

The tool verifies stored credentials, handles authentication when required, writes the necessary entries to ~/.npmrc, and keeps the project .npmrc scoped registry settings up to date.

Installation

Use npx for one-off runs:

npx azure-artifacts-auth-check

Or install globally:

npm install -g azure-artifacts-auth-check

Windows users: On first run, the tool will automatically download and use vsts-npm-auth via npx (no manual installation needed).

Usage

Run the CLI inside your project directory (where azure-feed.config.json lives):

azure-artifacts-auth-check

To enforce the check before every install, add a preinstall hook in your package.json:

{
  "scripts": {
    "preinstall": "azure-artifacts-auth-check --silent"
  }
}

Using --silent avoids noise during routine installs; the command only prints when credentials need attention.

Options

azure-artifacts-auth-check [options]

Options:
  --config <path>        Path to azure-feed.config.json (defaults to ./azure-feed.config.json)
  --cwd <path>           Project directory (defaults to current working directory)
  --global-npmrc <path>  Override path to global ~/.npmrc
  --local-npmrc <path>   Override path to project .npmrc
  --use-pat              Force PAT authentication (skip vsts-npm-auth on Windows)
  --silent               Suppress normal output (only prints when action is required)
  --help                 Show usage information

Windows Users: By default, the tool uses vsts-npm-auth for native Windows authentication. If you prefer to use PAT-based authentication (like macOS/Linux), add the --use-pat flag:

azure-artifacts-auth-check --use-pat

Configuration

Create an azure-feed.config.json file in your project root:

{
  "feeds": [
    {
      "registryUrl": "https://contoso.pkgs.visualstudio.com/Apps/_packaging/Widgets/npm/registry/",
      "scope": "@contoso"
    }
  ]
}

Each feed entry supports:

  • registryUrl (required) — Azure DevOps npm feed URL.
  • scope (optional but recommended) — npm scope that maps to the feed.
  • organization, project, feed (optional) — only needed when you want to override values derived from the URL.
  • testPackage (optional) — package name the CLI should query instead of the synthetic probe.

How It Works

Common Steps (All Platforms)

  1. Locates azure-feed.config.json and resolves the feed metadata.
  2. Ensures scoped registry mappings exist in your project .npmrc.
  3. Checks ~/.npmrc for stored credentials per feed.
  4. Runs npm view against each feed to verify authentication.

A 404 during the probe is treated as success—only 401/403 errors trigger authentication.

Platform-Specific Authentication

Windows

When authentication is needed on Windows, the tool (by default):

  1. Writes registry URLs to ~/.npmrc (required by vsts-npm-auth)
  2. Invokes npx vsts-npm-auth -C ~/.npmrc
  3. Prompts for Azure DevOps login using native Windows authentication
  4. Stores credentials securely in Windows Credential Manager
  5. Verifies all feeds are authenticated

Benefits: Native Windows SSO, automatic credential refresh, secure storage in Credential Manager.

Alternative: Use --use-pat to skip vsts-npm-auth and use PAT-based authentication instead (same flow as macOS/Linux).

macOS/Linux

When authentication is needed on macOS or Linux, the tool:

  1. Groups feeds by organization
  2. Prompts you to create a PAT via the Azure DevOps web UI
  3. Accepts your PAT via stdin
  4. Base64 encodes the token (no leading colon) and writes to ~/.npmrc
  5. Verifies all feeds are authenticated

PAT Requirements

macOS/Linux: PAT authentication is required. Create a Personal Access Token (PAT) with Packaging → Read scope using the Azure DevOps web UI.

Windows: By default, PATs are not needed—the tool uses native Windows authentication via vsts-npm-auth. However, if you use the --use-pat flag, you'll need to create a PAT just like on macOS/Linux.

The CLI will guide you through the PAT creation process and base64 encode the token correctly (no leading colon) before writing to ~/.npmrc.

License

MIT