This guide is relevant for Snyk UI integrations only, the CLI already supports yarn and npm projects with private npm Teams and npm Enterprise registries
You can add configuration to tell Snyk where your private npm Teams and npm Enterprise Node.js packages are hosted and what scope they are under.
This is the same information you would normally add in your
Once configured, Snyk will use this information to access private dependencies when creating Pull/Merge Requests, by allowing yarn/npm to reach those deps in order to regenerate the lockfile.
This feature is available with Enterprise plans. See Pricing plans for more details.
- Go to
- If you have not previously connected to npm Teams or npm Enterprise you will be asked to configure an integration first, see npm Teams & npm Enterprise Registry Settings below
- Once you have set up the integration, select “Add registry configuration”
- Select "npm" as the Package source
- If you want to configure this registry as default registry url, then leave scope blank
- If you want to configure only scoped packages to use this registry then add a scope
- If you want to add a mix of default registry url and scoped packages, add multiple configurations - one for the default and one per scope.
- When you have added all the registries and scopes you want, hit Update settings.
- Now test it out - open a Pull/Merge Request on a project that contains private dependencies to see a lockfile updated and included in the Snyk Fix Pull Request where previously none was generated
npm Teams & npm Enterprise Registry Settings
You can configure token based authentication for npm Teams and npm Enterprise integrations.
- Go to
Settings > Integrations > Package Repositories > npm
- You should see this screen at the beginning.
- Enter Public URL
- Enter Token
- Press Save