Make it easier to publish and use NPM packages from GitLab's NPM registry

Problem to solve

There's a lot of friction when configuring a NPM package to use GitLab's NPM registry.

Intended users

Further details

The process of using or publishing a NPM package to GitLab's NPM registry is well documented (https://docs.gitlab.com/ee/user/packages/npm_registry/), but it involves a number of steps, some of which are rather complex:

  1. Update the project's .npmrc to point to GitLab's registry. Before the user can complete this step, they need to:
    1. create an OAuth token or a Personal Access Token
    2. find the project's ID
  2. Update the project's package.json with publishConfig info

I've worked through this process multiple times, and I still hit snags each time I do it.

Proposal

Publishing a package to a custom registry will always involve a little more work than publishing to https://npmjs.com, but there are a few ways we might make this easier.

Include instructions directly in the Packages page.

Azure DevOps does a decent job of this:

image

(Image from https://docs.microsoft.com/en-us/azure/devops/artifacts/get-started-npm?view=azure-devops&tabs=windows - ignore the red square.)

The screen above is accessible from a prominent "Connect to feed" button when viewing the registry's contents:

image

Automatically configure a project's .npmrc and package.json

Similar to the proposal in #33948 (closed), we could add a button to the UI that would automatically update a project's .npmrc and package.json (via a merge request).

Perhaps this button could even go as far as creating a new Personal Access Token and storing it as a NPM_TOKEN CI/CD variable (as described here).

Create a utility script that auto-configures a project locally

This would be in the same vein as Azure DevOps' vsts-npm-helper: https://www.npmjs.com/package/vsts-npm-auth.

What does success look like, and how can we measure that?

It would be great to do some user tests to better understand where users get stuck and how we can make the process easier. This would also help us validate that any changes we make are effective.