
npm Integration

Overview

GitAuto uses your npm token to access private packages during test generation. This ensures that all dependencies are available when running build tools such as ESLint, Prettier, the TypeScript compiler, and test frameworks.

Why npm Token is Required

When GitAuto generates tests for your repository, it needs to:

  • Install all npm packages including private ones from your organization
  • Run ESLint to ensure generated code follows your linting rules
  • Run Prettier to format code according to your style guide
  • Run TypeScript compiler (tsc) to check for type errors
  • Run your test suite to verify generated tests work correctly

Without a valid npm token, installations of private packages will fail, preventing these tools from running properly.

How to Configure

Step 1: Generate npm Token

Visit npm token settings and click "Generate New Token". Use these settings:

  • Token name: Any name you prefer (e.g., "GitAuto")
  • Packages and scopes - Permissions: Read-only (GitAuto only needs to install packages, not publish them)
  • Select packages: All packages (recommended - applies to current and future packages automatically)
  • Organizations - Permissions: No access (this permission is only for managing organization settings/teams, not for installing packages)
  • Bypass two-factor authentication: Check this box - GitAuto runs in automated environments and cannot provide 2FA codes
  • Allowed IP ranges: Leave empty (not required)
  • Expiration: Choose Custom and set to 365 days (1 year). Since read-only tokens have lower security risk than write tokens, setting the maximum expiration reduces maintenance overhead. npm tokens cannot be refreshed - when expired, you must generate a new token and update it in GitAuto.

Step 2: Configure in GitAuto

Go to npm Integration Settings in GitAuto.

  1. Select your organization from the dropdown
  2. Paste your npm access token
  3. Click Save

Step 3: Automatic Verification

When you save your token, GitAuto automatically verifies it by calling the npm registry. If the token is invalid, you'll receive an immediate error message. Once saved successfully, GitAuto will use this token automatically when generating tests for repositories under your organization.
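A pre-flight check you can run yourself before pasting the token, shown as an added example; it is not GitAuto's own verification code, which this page does not document. It assumes the public registry's /-/whoami endpoint (the one `npm whoami` calls), Node 18+ for the built-in fetch, and the placeholder package name @yourorg/package; the function names are hypothetical.

```javascript
// Added example: check an npm read-only token against the registry before saving it.
const REGISTRY = "https://registry.npmjs.org";

// Scoped package names go to the registry with the slash percent-encoded.
function packumentUrl(registry, pkg) {
  return `${registry}/${pkg.replace("/", "%2F")}`;
}

// Keep the raw token out of logs and error text: show only its last 4 characters.
function redact(token) {
  return token.length <= 8 ? "****" : `****${token.slice(-4)}`;
}

// Pure decision step: map the two HTTP status codes to an actionable verdict.
function classify(whoamiStatus, packageStatus) {
  if (whoamiStatus === 401 || whoamiStatus === 403) return "invalid-or-expired";
  if (whoamiStatus !== 200) return "registry-error";
  // Token is valid but the private package is not readable: most likely the
  // token's package selection does not cover it (or the package name is wrong).
  if (packageStatus !== 200) return "cannot-read-package";
  return "ok";
}

// fetchImpl is injectable so the logic can be exercised offline with a stub.
async function checkToken(token, pkg, fetchImpl = fetch, registry = REGISTRY) {
  const headers = { Authorization: `Bearer ${token}`, Accept: "application/json" };
  const who = await fetchImpl(`${registry}/-/whoami`, { headers });
  let packageStatus = 0;
  if (who.status === 200) {
    const res = await fetchImpl(packumentUrl(registry, pkg), { headers });
    packageStatus = res.status;
  }
  return { token: redact(token), verdict: classify(who.status, packageStatus) };
}

// Runs only when NPM_TOKEN is set in the environment, so the token is never
// typed on the command line or written to shell history.
if (process.env.NPM_TOKEN) {
  checkToken(process.env.NPM_TOKEN, "@yourorg/package").then((r) => console.log(r));
}
```

A verdict of "invalid-or-expired" corresponds to the save-time error described under Troubleshooting, and "cannot-read-package" to the token scope issue.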

Token Scope Requirements

Your npm token needs the following minimum permissions:

  • Packages and scopes: Read-only, All packages - Required to install all packages (including organization-scoped ones like @yourorg/package). Use "All packages" to automatically include future packages.
  • Organizations: No access - Not needed (this permission is only for managing organization settings/teams)
  • Bypass two-factor authentication: Enabled - Required for automated CI/CD usage
  • IP ranges: Not required - Leave empty for use from any IP

Write/Publish permissions are not required as GitAuto only installs packages.

Security

Your npm token is stored securely in our database. GitAuto uses it only during test generation to install dependencies. The token is:

  • Protected by database-level access controls
  • Never exposed in logs or error messages
  • Only accessible by your organization
  • Used exclusively for npm package installation

Troubleshooting

Error when saving token

If you receive an error when saving your npm token, the token is likely invalid or expired. GitAuto verifies tokens immediately by testing them against the npm registry. Generate a new token from npm settings and try again.

Token expired

npm tokens cannot be refreshed or renewed. When your token expires, generate a new token from npm settings and update it in GitAuto. You'll see a validation error when trying to save an expired token.

Token scope issues

Ensure your token has "Read-only" permission and "All packages" selected. Tokens with limited package scope may not work for all your private packages.

Different token per repository needed

Currently, npm tokens are set at the organization level. If you need different tokens for different repositories, contact support.

Need Help with npm Integration?

Setting up private package access shouldn't be complicated. If you're running into issues with npm tokens or package installation, we're here to help!

Contact us and we'll get your integration working smoothly.

© 2026 GitAuto, Inc. All Rights Reserved