We are have Nodejs API written in Typescript. We are using NPM Packages from Gitlab private registries. We have the Registry URL and Token. We need to store that in the Project in .npmrc file.

But the question is how do we store the auth token securely so that the token does not get pushed to the git repo. We know that we can set the npmrc at the user level. But if we need to use the npmrc at the project level, what are the various options available to store the auth token