Last pnpm version that worked
11.5.2
pnpm version
11.5.3
Code to reproduce the issue
Up until I updated pnpm this morning, I was successfully authenticating to npmjs.org using config in .npmrc. But now I get this warning:
[WARN] Ignored project-level auth setting "//registry.npmjs.org/:_authToken" in "<elided>/.npmrc": environment variables are not expanded in repository-controlled registry credentials.
and authentication fails.
The release notes have this blurb:
Stopped expanding environment variables in repository-controlled registry/proxy request destinations and registry credential values from .npmrc, and in workspace registry URLs from pnpm-workspace.yaml. Move dynamic registry URL and token configuration to trusted user, global, CLI, or environment config.
but it isn't clear how to address this change.
Current pnpm documentation even mentions using an env var here: https://pnpm.io/npmrc.
How do I properly authenticate to download private packages now?
Expected behavior
Authentication works and private packages can be downloaded.
Actual behavior
Authentication fails
Additional information
No response
Node.js version
24
Operating System
Linux
Last pnpm version that worked
11.5.2
pnpm version
11.5.3
Code to reproduce the issue
Up until I updated pnpm this morning, I was successfully authenticating to npmjs.org using config in
.npmrc. But now I get this warning:and authentication fails.
The release notes have this blurb:
but it isn't clear how to address this change.
Current pnpm documentation even mentions using an env var here: https://pnpm.io/npmrc.
How do I properly authenticate to download private packages now?
Expected behavior
Authentication works and private packages can be downloaded.
Actual behavior
Authentication fails
Additional information
No response
Node.js version
24
Operating System
Linux