feat(npm): support password auth npmrc rules (#8967)

Co-authored-by: Rhys Arkins <rhys@arkins.net>

docs/usage/private-modules.md

@@ -41,7 +41,7 @@ The recommended approaches in order of preference are:
 
 All the various approaches are described below:
 
-### Commit .npmrc file into repository
+### Add hostRule to bots config
 
 Define `hostRules` like this:
 
@@ -51,7 +51,14 @@ module.exports = {
     {
       hostType: 'npm',
       hostName: 'registry.npmjs.org',
-      token: 'abc123',
+      token: process.env.NPM_TOKEN,
+    },
+    {
+      hostType: 'npm',
+      baseUrl:
+        'https://pkgs.dev.azure.com/{organization}/_packaging/{feed}/npm/registry/',
+      username: 'VssSessionToken',
+      password: process.env.AZURE_NPM_TOKEN,
     },
   ],
 };
@@ -67,6 +74,8 @@ If Renovate detects a `.npmrc` or `.yarnrc` file then it will use it for its ins
 
 Does not work if using binarySource=docker.
 
+**This method will be deprecated soon**
+
 ### Add npmrc string to Renovate config
 
 The above solution maybe have a downside that all users of the repository (e.g. developers) will also use any `.npmrc` that is checked into the repository, instead of their own one in `~/.npmrc`.

lib/manager/npm/post-update/index.ts

@@ -466,6 +466,16 @@ export async function getAdditionalFiles(
           `//${hostRule.hostName}/:_authToken=${hostRule.token}`
         );
       }
+    } else if (is.string(hostRule.username) && is.string(hostRule.password)) {
+      if (hostRule.baseUrl) {
+        const uri = hostRule.baseUrl.replace(/^https?:/, '');
+        additionalNpmrcContent.push(`${uri}:username=${hostRule.username}`);
+        additionalNpmrcContent.push(`${uri}:_password=${hostRule.password}`);
+      } else if (hostRule.hostName) {
+        const uri = `//${hostRule.hostName}/`;
+        additionalNpmrcContent.push(`${uri}:username=${hostRule.username}`);
+        additionalNpmrcContent.push(`${uri}:_password=${hostRule.password}`);
+      }
     }
   }