chainguard-dev · s-stumbo · May 6, 2026 · angela-zhang · May 6, 2026
@@ -521,16 +521,28 @@ pnpm init
 For testing purposes, you can use direct access and environment variables as
 detailed in the [access documentation](/chainguard/libraries/access/#env). 
 
-Once
-the environment variables are set, the following steps configure registry
+Once the environment variables are set, the following steps configure registry
 access and authentication in the `.npmrc` file in the current project
 directory:
 
+```bash
+export token=$(echo -n "${CHAINGUARD_JAVASCRIPT_IDENTITY_ID}:${CHAINGUARD_JAVASCRIPT_TOKEN}" | base64 -w 0)
+
+pnpm config set registry https://libraries.cgr.dev/javascript/ --location=project
+pnpm config set //libraries.cgr.dev/javascript/:_auth "${token}" --location=project
+```
+
+Note that the `-w 0` option for `base64` is required and supported by the GNU
+coreutils versions included in most operating systems. To avoid the use of
+`base64`, which can behave differently across operating systems, you can
+alternatively set `username` and `_password` instead of `auth` with a token.
+
 ```shell
-chainctl auth configure-npm --pull-token
+pnpm config set //libraries.cgr.dev/javascript/:username "${CHAINGUARD_JAVASCRIPT_IDENTITY_ID}" --location=project
+pnpm config set //libraries.cgr.dev/javascript/:_password "${CHAINGUARD_JAVASCRIPT_TOKEN}" --location=project
 ```
 
-[This command](/chainguard/chainctl/chainctl-docs/chainctl_auth_configure-npm/) creates a pull token (valid for 30 days by default) scoped to your organization and writes a project-level `.npmrc` with the registry URL and base64-encoded credentials. If this command returns an error, ensure that you are using the [latest version of `chainctl`](/chainguard/chainctl-usage/how-to-install-chainctl/#updating-chainctl).
+Also note that the trailing slash in the registry URL is required.
 
 Add dependencies for your project into the `package.json` file to test retrieval
 from Chainguard Libraries, build the project, and list the dependencies: