← Neumo Design System docs

Get an npm access token (install @kofile/* packages)

The Neumo Design System packages are private on npm. Before you can install any @kofile/* package — components, tokens, the MCP server, the Figma toolkit — npm needs proof that you're allowed to. You do this once with an access token. This page is the single source of truth; other docs link here.

Everyone needs this — designers, product, and engineers. It's the same handful of steps for all of us. First time and not comfortable in a terminal? The onboarding guide walks through it (and everything around it) in more detail.


What you need first


1. Create the token

  1. Sign in at npmjs.com with your @kofile-org account.
  2. Click your avatar (top-right) → Access Tokens.
  3. Click Generate New Token → Classic Token.
  4. Name it something memorable (e.g. neumo-ds), choose type Read-only, and click Generate Token.
  5. Copy the token now — npm won't show it again after you leave the page.

Read-only is all you need to install. Only publishers need write/automation tokens.


2. Save the token in your .npmrc

Your ~/.npmrc file is where npm keeps this credential. The safest way to set it is with a command (it creates/edits the file for you). Replace PASTE_TOKEN_HERE with what you copied:

npm config set //registry.npmjs.org/:_authToken=PASTE_TOKEN_HERE

That's it — npm (and npx) will now authenticate automatically for every @kofile/* install on your machine.

Other ways to configure it (per-project, CI)

Per-project .npmrc (checked into a repo, token from an env var so the secret isn't committed):

//registry.npmjs.org/:_authToken=${NPM_TOKEN}

Then set NPM_TOKEN in your environment before installing. Never commit the raw token — only the ${NPM_TOKEN} reference.

CI — store the token as a secret (e.g. NPM_TOKEN) and write the same line into .npmrc during the job. Use an Automation token for CI so it isn't blocked by 2FA.


3. Verify it works

npm view @kofile/gds-react version

Troubleshooting

What you see Likely cause Fix
npm error 404 Not Found on a @kofile/* package Token missing/invalid, or you're not in the @kofile org Re-run step 2 with a fresh token; if it persists, message Scott Stroupe on Teams to confirm org membership
npm error 401 Unauthorized Token is wrong, expired, or revoked Generate a new Read-only token (step 1) and re-save it (step 2)
npm whoami says 401 even though you have a valid token in .env npm reads ~/.npmrc, not .env — you likely have an old token in ~/.npmrc that's overriding the good one Re-run step 2 to overwrite ~/.npmrc with the working token: npm config set //registry.npmjs.org/:_authToken=YOUR_TOKEN
Works in your terminal but fails in CI CI has no token Add the token as a CI secret and write the .npmrc line in the job
npx @kofile/… hangs or fails Same auth issue — npx uses the same .npmrc Verify with step 3 first; fix the token, then retry
Not sure where ~/.npmrc is It's in your home folder cat ~/.npmrc prints it; the command in step 2 creates it if missing

Security: treat the token like a password. It lives in your private ~/.npmrc; never paste it into a shared file, a repo, or a screenshot.


These packages went private as part of locking the design system to the @kofile org. If a teammate can't get access, the fix is almost always org membership — message Scott Stroupe on Teams to be added.