@zkochan thanks for the answer.
The problem with PNPM_CONFIG_NPMRC_AUTH_FILE env variable is that the devs would need to inline it each time they want to do pnpm install.
The issue is that our devs work with multiple GitHub users across different orgs, so on disk they might have:
And each repo has a dependency on private GitHub packages for that org. So if we go with the PNPM_CONFIG_NPMRC_AUTH_FILE solution, we can't just have one in global scope, instead the devs would need to write this when they are in orgA repos
PNPM_CONFIG_NPMRC_AUTH_FILE=~/.npmrc.orgA pnpm install
and this when they are in orgB repos:
PNPM_CONFIG_NPMRC_AUTH_FILE=~/.npmrc.orgB pnpm install
So it makes it quite cumbersome compared to the old pnpm install. Adding alias or use a tool like direnv could potentially be used to automate it, but it would be nice not to have to bring in another tool to work around this if possible.
Regarding your suggestion, pnpm_config_//npm.pkg.github.com/@orgB:_authToken=XXXXX, I might be missing something, but I don't think that will work, or I'm testing it wrong.
The problem is that there's only one host for all organisations on github.com: npm.pkg.github.com. The host itself can't have the org in the path name pathname for github packages, so for orgA and orgB the scope declarations will be:
@orgA:registry=https://npm.pkg.github.com
@orgB:registry=https://npm.pkg.github.com
so both scopes point to the same host. If you try to change this to something like:
@orgA:registry=https://npm.pkg.github.com/@orgA
@orgB:registry=https://npm.pkg.github.com/@orgB
you'll just get 403 - Forbidden, as this isn't a valid path.
And if you instead try to put the scope/org only in the auth section, like this:
@orgA:registry=https://npm.pkg.github.com
@orgB:registry=https://npm.pkg.github.com
//npm.pkg.github.com/@orgA:_authToken=XXXXX
//npm.pkg.github.com/@orgB:_authToken=XXXXX
you get a 401 as when pnpm resolves the @orgA or @orgB scope, as it looks up the registry host https://npm.pkg.github.com and then tries to find an auth token keyed to that host (https://npm.pkg.github.com). But it looks like it will not match //npm.pkg.github.com/@orgA:_authToken or //npm.pkg.github.com/@orgB:_authToken, because those keys have a pathname section now.
So because .npmrc separates the scope declaration from the auth declaration, where the scope declaration maps a scope to a host and then auth declaration maps a host to a token, I don't see how I can target a specific scope with a unique token unless that scope also has a unique host.
In yarn you have .yarnrc like this:
yamlnpmScopes:
orgA:
npmAlwaysAuth: true
npmAuthToken: "${ORG_A_GITHUB_TOKEN:-no_token}"
npmRegistryServer: "https://npm.pkg.github.com"
orgB:
npmAlwaysAuth: true
npmAuthToken: "${ORG_B_GITHUB_TOKEN:-no_token}"
npmRegistryServer: "https://npm.pkg.github.com"
where both the host and the auth token sit under the scope settings. I haven't found anything similar in pnpm, which is why we previously used the different env variables per org setup. It doesn't solve all the problems yarn does with totally separate scopes, but as long as orgs don't need to reference packages from each other, it works okay.
But as I said, I might be missing something or have misunderstood what you meant. I'm currently testing with pnpm 11.6.0.
Originally posted by @fredriknils in #12314