Allows to install packages from a private npm repository while protecting the NPM token.
name: Install NPM Packages
uses: sueddeutsche/gha-npm-safe-install-from-private-repo@v3
with:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} # NPM token stored in a secretname: Install NPM Packages
uses: sueddeutsche/gha-npm-safe-install-from-private-repo@v3
with:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} # NPM token stored in a secret
registry-url: 'https://registry.npmjs.org' # optioonal defaults to https://registry.npmjs.org
node-version: '20' #optional: defaults to '20', for options see https://github.com/actions/setup-node#supported-version-syntaxInstalling packages the intuitive way may hold the inherent risk of exposing the NPM-Token to malicious packages. Therefore this actions ensures that precautionairy steps are taken to prevent this from happening while providing the normal ease of use for the developer.
see https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#use-private-packages
Wrapper around setup-nodedefault action.
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}
