Update npm Package Registry documentation

Review changes
Download
Patches
Plain diff

Radamanthus Batnag requested to merge 352962-update-npm-registry-uri-fragment-in-npmrc into master Mar 17, 2023

Overview 13
Commits 11
Pipelines 11
Changes 1

Context

One of the challenges with the Package Registry authentication is installing a package that is dependent on another package. If package A has package B as a dependency, the npm CLI will:

authenticate to check if it can download package A
download package A
parse package A and determine its dependencies
authenticate to check if it can download package B
download package B

We recently added documentation for possible solutions to the above scenario, in !113374 (merged)

A community member noticed URI fragments can be used for authentication, and suggested using it as a possible improvement to the docs in this thread. With URI fragments, the authentication line(s) in .npmrc can be shorter and easier to read.

What does this MR do?

npm 8 introduced URI fragments in .npmrc. When authenticating with the Package Registry, you no longer have to specify the full URL like //gitlab.example.com/api/v4/projects/211234/packages/npm/:_authToken=abcdefg. You can instead use a URI fragment, e.g. //gitlab.example.com/:_authToken=abcdefg.

Authenticating with a URI fragment works only when installing an npm package. The full project URL is still needed when authenticating to publish a package. Thus, we only change the documentation for installing a package with this MR.

Related issues

#352962 (closed)

Author's checklist

Optional. Consider taking the GitLab Technical Writing Fundamentals course.
Follow the:
If you're adding or changing the main heading of the page (H1), ensure that the product tier badge is added.
If you are a GitLab team member, request a review based on:
- The documentation page's metadata.
- The associated Technical Writer.

If you are a GitLab team member and only adding documentation, do not add any of the following labels:

~"frontend"
~"backend"
~"type::bug"
~"database"

These labels cause the MR to be added to code verification QA issues.

Reviewer's checklist

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

If you aren't sure which tech writer to ask, use roulette or ask in the #docs Slack channel.

If the content requires it, ensure the information is reviewed by a subject matter expert.
Technical writer review items:
- Ensure docs metadata is present and up-to-date.
- Ensure the appropriate labels are added to this MR.
- Ensure a release milestone is set.
- If relevant to this MR, ensure content topic type principles are in use, including:
  - The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
  - The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
  - Any task steps should be written as a numbered list.
  - If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.

Edited Mar 20, 2023 by Radamanthus Batnag

Merge request reports

Assignee

Reviewers

Request review from

Time tracking