Let’s tackle this 401 authorization error head-on. The core issue here is that your CI environment can’t authenticate with Verdaccio when publishing scoped packages, and interactive npm adduser isn’t an option. Here are the most reliable solutions:

1. Pre-configure Verdaccio Users (Recommended for CI) #

Instead of creating users on the fly in your Dockerfile, you should predefine a valid user in Verdaccio’s configuration. Verdaccio uses an htpasswd file to store user credentials, so you can set this up in your GitLab CI service definition:

• First, generate an encrypted password for your user using the htpasswd tool (run this locally):

  htpasswd -B -c ./htpasswd your-ci-user
  

  This creates an htpasswd file with your user’s hashed password.

• Mount this file into your Verdaccio service in .gitlab-ci.yml:

  services:
    - name: verdaccio/verdaccio
      alias: verdaccio
      volumes:
        - ./htpasswd:/verdaccio/conf/htpasswd
  

  This ensures Verdaccio starts with the preconfigured user, so your CI jobs can use these credentials to authenticate.

2. Set Up npm Authentication Directly in Dockerfile #

You don’t need npm adduser—you can directly write authentication details to the .npmrc file in your Docker build, avoiding interactive prompts entirely.

Option A: Use Auth Token #

If you have an existing Verdaccio auth token (generate it locally with npm login then copy it from your local .npmrc), add this to your Dockerfile:

# Configure scoped package registry and auth
RUN echo "@scope:registry=http://verdaccio:4873/" > /home/app/.npmrc
RUN echo "//verdaccio:4873/:_authToken=YOUR_VERDACCIO_AUTH_TOKEN" >> /home/app/.npmrc

Option B: Use Username/Password (Base64 Encoded) #

Convert your username and password to a Base64 string (run this locally):

echo -n "your-ci-user:your-ci-password" | base64

Then add it to your Dockerfile:

RUN echo "@scope:registry=http://verdaccio:4873/" > /home/app/.npmrc
RUN echo "//verdaccio:4873/:auth=BASE64_ENCODED_CREDENTIALS" >> /home/app/.npmrc

Securely Pass Credentials with GitLab CI Variables #

Never hardcode credentials in your Dockerfile. Instead, use GitLab CI variables to pass them as build arguments:

1. Store VERDACCIO_USER and VERDACCIO_PASSWORD as protected variables in your GitLab project settings.
2. Update your .gitlab-ci.yml build command:

   build:
     script:
       - docker build --build-arg VERDACCIO_USER=$VERDACCIO_USER --build-arg VERDACCIO_PASSWORD=$VERDACCIO_PASSWORD .
   

3. Modify your Dockerfile to use these arguments:

   ARG VERDACCIO_USER
   ARG VERDACCIO_PASSWORD
   RUN echo "@scope:registry=http://verdaccio:4873/" > /home/app/.npmrc
   RUN echo "//verdaccio:4873/:_auth=$(echo -n "$VERDACCIO_USER:$VERDACCIO_PASSWORD" | base64)" >> /home/app/.npmrc
   

3. Temporary Anonymous Publish (Not Recommended for Production) #

If you’re working in a test environment and need a quick workaround, you can disable authentication for publishing scoped packages in Verdaccio’s config. However, this is unsafe for production as it allows anyone to publish to your registry.

Update your Verdaccio config.yaml (mount this file into the service like the htpasswd file):

packages:
  '@scope/*':
    access: $all  # Allow anyone to read packages
    publish: $anonymous  # Allow anonymous publishing
    unpublish: $anonymous

内容的提问来源于stack exchange，提问作者user2473015