how to fix the "npm WARN config `_auth`, `_authToken`, `username` and `_password` must be scoped to a registry." issue

Question

Any time I use nom command I get this warning in the beginning:

npm WARN config `_auth`, `_authToken`, `username` and `_password` must be scoped to a registry. see `npm help npmrc` for more information.
npm WARN config `_auth`, `_authToken`, `username` and `_password` must be scoped to a registry. see `npm help npmrc` for more information.

I've checked my .npmrc file, but the file that opens with the npm config edit looks fine for me, as there should not be such a problem.

That's my .npmrc with stripped comments and replaced sensitive data (all the structure is correct):

@my_scope:registry=https://registryurl/npm/
//registryurl/npm/:_password="[secret]"
//registryurl/npm/:[email protected]
//https://registryurl/npm/:_password=YOUR_BASE64_PASSWORD
//https://registryurl/npm/:always-auth=true
//https://registryurl/npm/:[email protected]
//https://registryurl/npm/:[email protected]
always-auth=true
[email protected]
registry=//registryurl/npm/

What could possibly be wrong?

Answer 1

I have also encountered this warning every time I use npm commands after upgrading to NodeJS version 16, I was also wondering what was causing the warning.

What resolved the issue for me was deleting the keys mentioned in the warning, using this command:

npm config delete key _auth _authToken username _password

This deleted the old entries on my user's .npmrc (I'm using Windows 11 and this file is located inside C:\Users\<your.user>\.npmrc)

Since we're now using a .npmrc file within our git repository (unaffected by npm config) which uses the newer auth related config convention, this approach worked effectively for me.