.npmrc Generator

Build a clean, copy-ready .npmrc file. Configure registries, scoped packages, auth tokens, proxies, and install defaults — then drop it in your project or home directory.

Quick Presets

Registry & Authentication

Never commit a real token. Use an environment variable like ${NPM_TOKEN} — npm expands it at install time so your secret stays out of version control.

Scoped Registries

No scoped registries. Add one to route packages like @my-org/* to a private or GitHub Packages registry.

Network & Proxy

Install Defaults

Omit dependency types on install

npm init Defaults

Generated .npmrc

Save as .npmrc in your project root (per-project) or your home directory (per-user).

# Your .npmrc is empty. Configure options above to generate it.

A project-level .npmrc overrides your global one. Commit non-secret settings; keep tokens in environment variables.

Verify the resolved config any time with npm config list or npm config get registry.

About .npmrc Generator

The .npmrc Generator is a free online tool that builds a clean, copy-ready .npmrc configuration file for npm. An .npmrc controls how npm resolves packages, authenticates with registries, talks through corporate proxies, and behaves on every npm install — from the default registry URL and scoped private registries to install flags like save-exact, engine-strict, and legacy-peer-deps.

npm reads .npmrc from several locations in order of priority: per-project (in your repo root), per-user (in your home directory), global, and built-in. This generator focuses on the settings you actually edit by hand, picks sensible defaults, and only writes the lines that differ from npm's defaults so your file stays minimal and readable.

Everything runs locally in your browser. Your registry URLs, tokens, and proxy settings are never sent to a server.

How to Use .npmrc Generator

  1. 1. Optionally start from a preset — npm registry, GitHub Packages, a private registry, a CI-friendly config, or a strict/reproducible setup.
  2. 2. Set your default registry URL and, if the registry is private, an auth token. Prefer an environment variable like ${NPM_TOKEN} instead of pasting a real secret.
  3. 3. Add scoped registries to route packages like @my-org/* to GitHub Packages or an internal registry.
  4. 4. Configure proxies if you're behind a corporate firewall, and tune install defaults — exact versions, lockfile behavior, audit, funding, and omitted dependency types.
  5. 5. Click Copy or Download and save the file as .npmrc in your project root (project-level) or home directory (user-level).
  6. 6. Verify with npm config list and confirm the registry with npm config get registry.

Common Use Cases

Authenticate with a private registry

Point npm at Verdaccio, Nexus, or Artifactory and supply a token via an environment variable for secure, automated installs.

Use GitHub Packages

Route @your-org packages to npm.pkg.github.com while keeping public packages on the default registry.

Reproducible CI builds

Pin exact versions, disable audit and funding noise, and prefer the offline cache to speed up and stabilize pipelines.

Work behind a corporate proxy

Set proxy, https-proxy, and noproxy so npm can reach the registry from inside a firewalled network.

Enforce team conventions

Turn on engine-strict and a lockfile so everyone installs compatible Node versions and identical dependency trees.

Resolve peer dependency conflicts

Enable legacy-peer-deps to install packages with mismatched peer ranges during migrations.

Frequently Asked Questions

Where should I put my .npmrc file?

A project-level .npmrc goes in your repository root and applies to that project (and is shared with your team). A user-level one lives in your home directory (~/.npmrc) and applies to everything you install. Project settings override user settings, which override global and built-in defaults.

How do I store an auth token safely?

Never commit a literal token. Reference an environment variable — npm expands ${NPM_TOKEN} at install time, so the committed .npmrc only contains the placeholder. Set the variable in your shell, CI secrets, or a local untracked file. For a user-level file with real tokens, keep it out of any repo.

What's the difference between save-exact and save-prefix?

save-prefix controls the range operator npm writes — ^ (caret, allow minor + patch) by default, or ~ (tilde, patch only). save-exact=true overrides both and pins the exact version with no range operator at all — the safest choice for reproducible builds.

How do I configure a scoped registry?

Add a scope like @my-org and a registry URL. The generator writes @my-org:registry=https://... plus a matching auth line. Only packages under that scope use the private registry; everything else still resolves from the default registry.

When should I use legacy-peer-deps?

npm 7+ installs peer dependencies strictly and fails on conflicts. legacy-peer-deps=true restores npm 6 behavior — peer deps are ignored during resolution. It's a useful escape hatch during migrations, but fix the underlying version conflicts when you can rather than leaving it on permanently.

Does this work for Yarn or pnpm?

Both Yarn (Classic) and pnpm read .npmrc for registry and auth settings, so the registry, scope, token, and proxy lines work across all three. Install-behavior flags such as save-exact and legacy-peer-deps are npm-specific; pnpm has its own equivalents.

Why does my .npmrc only show a few lines?

By design. The generator omits any setting left at npm's default so your file stays minimal — only the values you actually change are written. A short .npmrc is easier to review and less likely to surprise teammates.

Is my data sent to any server?

No. This tool runs entirely in your browser. Your registry URLs, tokens, proxy settings, and all other configuration never leave your device.