Gitlab CI publish npm to package registry need to authenticate

Hi everybody,

I have a typescript lib in a specific gitlab project.
I want to deploy the artifact to the GitLba package registry.
So I follow the documentation

I choosed to be in a project-level because it is the only package I have to publish for the moment.

So here are my config files :


Where xxxxxxxx are the 8 numbers of id found on the home page of my project

  - template: Jobs/Build.gitlab-ci.yml  #
image: node:latest

  - build
  - deploy

    - exists:
        - Dockerfile

    - exists:
        - package.json

  stage: deploy
    - echo "//${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}">.npmrc
    - npm publish --verbose

But when the job runs, the deploy stage failed with this error :

$ npm publish --verbose
npm verb cli /usr/local/bin/node /usr/local/bin/npm
npm info using npm@9.6.7
npm info using node@v20.3.1
npm verb title npm publish
npm verb argv "publish" "--loglevel" "verbose"
npm verb logfile logs-max:10 dir:/root/.npm/_logs/2023-07-10T08_22_20_905Z-
npm verb logfile /root/.npm/_logs/2023-07-10T08_22_20_905Z-debug-0.log
npm verb publish [ '.' ]
npm notice 
npm notice package: <my-project-name>@0.0.0
npm notice === Tarball Contents === 
npm notice 27B   
npm notice 599B package.json
npm notice === Tarball Details === 
npm notice name:          <my-project-name>                  
npm notice version:       0.0.0                                   
npm notice filename:      <my-project-name>-0.0.0.tgz        
npm notice package size:  491 B                                   
npm notice unpacked size: 626 B                                   
npm notice shasum:        a7cbbb5124f124862d97d7b5d039884d7dda1c04
npm notice integrity:     sha512-eiT8BpHaxaGga[...]eDIZXmgzOmGEw==
npm notice total files:   2                                       
npm notice 
npm verb stack Error: This command requires you to be logged in to
npm verb stack     at Publish.exec (/usr/local/lib/node_modules/npm/lib/commands/publish.js:115:29)
npm verb stack     at async module.exports (/usr/local/lib/node_modules/npm/lib/cli.js:89:5)
npm verb cwd /builds/<my-account-name>/<my-group-name>/<my-project-name>
npm verb Linux 5.4.109+
npm verb node v20.3.1
npm verb npm  v9.6.7
npm ERR! need auth This command requires you to be logged in to
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm verb exit 1
npm verb code 1
npm ERR! A complete log of this run can be found in: /root/.npm/_logs/2023-07-10T08_22_20_905Z-debug-0.log
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1

What do I do wrong ?
Can I maybe use the autodevops for the build/publish part ? (But I do not found some doc on gitlab autodevops and package registry configuration)

Thank you for yours answers !

Ok I have misunderstand something and now it works, thanks to this website.

I had to set publishConfig with registry in my package.json.

  "name": "<my-app-name>",
  "version": "0.0.0",
  "type": "module",
  "main": "dist/src/index.js",
  "types": "dist/src/index.d.ts",
  "scripts": {
    "clean": "tsc --build --clean",
    "build": "npm run clean && tsc --build",
    "test": "echo \"Error: no test specified\" && exit 1",
    "circular-deps": "madge --ts-config ./tsconfig.json --extensions ts --circular ./src"
  "publishConfig": {
    "registry": "<my-project-id>/packages/npm/"
  "files": [
  "devDependencies": {
    "@types/node": "^20.2.5",
    "typescript": "^5.0.4"

The file .npmrc is now not commited in my repository.
And my .gitlab-ci.yml was not really updated (I have just set the environment depending on my branch).

I am looking know how to handle snapshots and release depending on the branch, but it is another subject, so I can closed this one.