npm Packages
Artifacts implements the npm registry protocol natively. Standard npm CLI commands (npm install, npm publish, npm search) work directly against your Artifacts repository with no plugins or adapters required.
Registry Configuration
Configure your .npmrc to point scoped packages at your Artifacts repository. Replace ORGSLUG and REPOSLUG with your actual organization and repository slugs.
Scoped packages (recommended)
# .npmrc (project root or ~/.npmrc)
@myscope:registry=https://artifacts.premex.se/api/npm/ORGSLUG/REPOSLUG/
//artifacts.premex.se/api/npm/ORGSLUG/REPOSLUG/:_authToken=${ARTIFACTS_TOKEN}
This tells npm to resolve any @myscope/* package from your Artifacts registry while leaving all other packages on the default npm registry.
Unscoped packages
# .npmrc
registry=https://artifacts.premex.se/api/npm/ORGSLUG/REPOSLUG/
//artifacts.premex.se/api/npm/ORGSLUG/REPOSLUG/:_authToken=${ARTIFACTS_TOKEN}
Tip: Use the
${ARTIFACTS_TOKEN}environment variable syntax in.npmrcrather than hardcoding the token. npm expands environment variables at runtime, so you can safely commit.npmrcto source control without exposing secrets.
Publishing
1. Set publishConfig in package.json
Add a publishConfig block to your package.json so npm publish targets the correct registry:
{
"name": "@myscope/my-package",
"version": "1.0.0",
"publishConfig": {
"registry": "https://artifacts.premex.se/api/npm/ORGSLUG/REPOSLUG/"
}
}
2. Publish
npm publish
Or specify the registry directly on the command line:
npm publish --registry https://artifacts.premex.se/api/npm/ORGSLUG/REPOSLUG/
Publishing requires a token with write scope.
Installing
With your .npmrc configured, install packages normally:
npm install @myscope/my-package
npm fetches the packument (package metadata) and tarballs from your Artifacts registry automatically.
Authentication
Artifacts accepts API tokens via the _authToken field in .npmrc. Tokens are prefixed with art_ and can be created in the web UI under Settings > API Tokens.
Three auth methods are supported across all Artifacts APIs:
| Method | Format | Typical use |
|---|---|---|
| API token (Bearer) | Authorization: Bearer art_... |
npm CLI via _authToken, curl |
| Basic auth | Authorization: Basic base64(token:art_...) |
Maven/Gradle compatibility |
| Firebase ID token | Authorization: Bearer ey... |
Web UI sessions |
For npm, the _authToken in .npmrc is sent as a Bearer token automatically.
Important: Never commit raw tokens to source control. Use environment variable interpolation (
${ARTIFACTS_TOKEN}) in.npmrcand set the variable in your shell or CI environment.
CI/CD Example
A GitHub Actions workflow that publishes on every tag push:
name: Publish npm Package
on:
push:
tags:
- 'v*'
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- run: npm ci
- name: Setup .npmrc
run: |
echo "@myscope:registry=https://artifacts.premex.se/api/npm/myorg/myrepo/" >> .npmrc
echo "//artifacts.premex.se/api/npm/myorg/myrepo/:_authToken=${{ secrets.ARTIFACTS_TOKEN }}" >> .npmrc
- run: npm publish
Add your API token as a repository secret named ARTIFACTS_TOKEN in your GitHub repo settings.
Scoped Packages
npm scopes (the @scope/ prefix) let you namespace packages and route them to different registries. With Artifacts, you typically map one scope to one Artifacts repository:
@frontend:registry=https://artifacts.premex.se/api/npm/myorg/frontend-packages/
@backend:registry=https://artifacts.premex.se/api/npm/myorg/backend-packages/
A single .npmrc can route multiple scopes to different Artifacts repos, or mix Artifacts with the public npm registry.
Scope naming
- Scopes in npm always start with
@(e.g.,@myscope) - The scope does not need to match your Artifacts org or repo name, but using a consistent naming convention is recommended
- Scoped names are stored as-is in Artifacts (e.g.,
@myscope/my-package)
Versions API
Query published versions for any package via a simple HTTP endpoint -- useful for CI/CD scripts, update checkers, or install scripts.
# JSON — all versions with metadata
curl -s https://artifacts.premex.se/api/v/ORGSLUG/REPOSLUG/PACKAGE/versions
# Plain text — latest version only
curl -s https://artifacts.premex.se/api/v/ORGSLUG/REPOSLUG/PACKAGE/versions?format=txt\&limit=1
This endpoint works for all package types. Public repos require no authentication.
Troubleshooting
401 Unauthorized
- Verify your token is valid and has not expired. Tokens can be checked in the web UI under Settings > API Tokens.
- Confirm the
_authTokenline in.npmrcmatches the registry URL exactly, including the trailing slash. - If using
${ARTIFACTS_TOKEN}, make sure the environment variable is set in your current shell session.
404 Not Found
- Check that the org slug and repo slug in the registry URL are correct.
- Verify the package has been published to the repository. You can check the web UI for the list of packages.
Wrong registry URL
The registry URL must follow this pattern exactly:
https://artifacts.premex.se/api/npm/ORGSLUG/REPOSLUG/
The trailing slash is required. A missing slash or extra path segments will cause resolution failures.
Missing scope in .npmrc
If npm install @myscope/my-package hits the public npm registry instead of Artifacts, make sure your .npmrc has the scope-to-registry mapping:
@myscope:registry=https://artifacts.premex.se/api/npm/ORGSLUG/REPOSLUG/
Without this line, npm defaults to registry.npmjs.org for all packages.
npm search returns no results
Verify you are passing the correct registry flag:
npm search --registry https://artifacts.premex.se/api/npm/ORGSLUG/REPOSLUG/ my-package