Manage Node.js packages
Artifact Registry supports Node.js packages that you manage with npm.
Overview
To get familiar with Node.js packages in Artifact Registry, you can try thequickstart.
When you are ready to learn more, read the following information:
- If you are new to npm, read about the following concepts:
- Create a Node.js package repository for your packages.
- Grant permissions to the account thatwill connect with the repository. Service accounts for common integrationswith Artifact Registry have defaultpermissions forrepositories in the same project.
- Configure your tools:
- Configure authentication for npm.
- Configure Cloud Build to upload and download packages.
- Learn aboutdeploying to Google Cloud runtime environments.
- Learn about managing packages.
Using scopes
An npm scope is a label for grouping packages. Scopes are necessary when youare working with multiple npm registries, including:
- Publishing and installing packages in different registries without the needto switch from one registry to another. For example, your builds might includepackages from both the public npm registry and an Artifact Registryrepository.
- Publishing the same packages to multiple Artifact Registry repositoriesacross Google Cloud projects, as well as other npm registries, withoutpackage name conflicts.
We recommend that you always set a scope for your repositories. If you do notspecify a scope when you publish or install package, npm uses the configureddefault registry, such as the public npm registry.
You set the scope for each Artifact Registry repository in the.npmrc configuration file. The same credentials for authentication applyacross the repositories.
The following example shows configuration for two Artifact Registryrepositories in different projects.
- The
@bluescope is for the repository in the projectblue-project. - The
@greenscope is for the repository in the projectgreen-project.
@blue:registry=https://us-central1-npm.pkg.dev/blue-project/blue-npm-repo///us-central1-npm.pkg.dev/blue-project/blue-npm-repo/:always-auth=true@green:registry=https://us-central1-npm.pkg.dev/green-project/green-npm-repo///us-central1-npm.pkg.dev/green-project/green-npm-repo/:_authToken=""//us-central1-npm.pkg.dev/green-project/green-npm-repo/:always-auth=trueAfter you have authenticated to Artifact Registry, you can upload a packageto a particular repository using the appropriate scope. For example, thefollowing command uploads a package to theblue-npm-repo in the projectblue-project:
npm publish @blue/blue-npm-repoFor more information about scopes, see thenpm documentation
Configuring npm
Settings used for authentication are stored in the.npmrc configuration file.You can configure an.npmrc file at the project, user, or global level.
When you configure authentication with Artifact Registry, you definethe repositories that you want to connect to and the credentials forauthentication.
- Artifact Registry repositories
We recommend setting the repository list in theper-project config file.This file is usually in the same directory as the
package.jsonfile in yournpm project. The Artifact Registry credential helper checks this.npmrcfile for your repositories by default.If you do not want to expose the repository paths in your source controlsystem, you can:
- Add the
.npmrcfilename your source control's list of files to ignore. - Store the repository list in your per-user confg file instead. Theper-user
.npmrcfile is in your user home directory, or is set with thenpm--userconfigparameter or$NPM_CONFIG_USERCONFIGenvironmentvariable. Settings in the per-user config file apply to all your projectsunless you override them at the project level.
- Add the
- Artifact Registry credentials
Store your credentials for Artifact Registry in theper-user configfile so that they are not available to other users. This file is located inyour user home directory, or is set with the npm
--userconfigparameter or$NPM_CONFIG_USERCONFIGenvironment variable.The Artifact Registrycredential helper is stored in the public npm registry and does not requireauthentication for installation.
You should retain any existing default registry configured in your.npmrc file.The default is typically set to the public npm registry athttps://registry.npmjs.org/.
To check the current default registry value run the command:
npmgetregistryFor more information about npm configuration files, see thenpm config file documentation.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.