From 431ad3bb3bf6e2184fb0849046be0e7cb5e1fc27 Mon Sep 17 00:00:00 2001
From: Dave Lockhart <dlockhart@users.noreply.github.com>
Date: Tue, 26 May 2026 09:05:57 -0400
Subject: [PATCH 1/2] GAUD-10073: try out npm proxy

---
 .github/dependabot.yml                    | 6 ++++++
 .github/workflows/ci.yml                  | 5 +++--
 .github/workflows/release.yml             | 5 +++--
 .github/workflows/update-package-lock.yml | 5 +++--
 .github/workflows/vdiff.yml               | 5 +++--
 .npmrc                                    | 1 +
 package.json                              | 3 ++-
 7 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 902e79d6..64dcfaaf 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,9 +2,15 @@ version: 2
 updates:
   - package-ecosystem: "npm"
     directory: "/"
+    registries: "*"
     schedule:
       interval: "weekly"
     cooldown:
       # update-package-lock workflow handles minor/patch updates - delay for a few weeks to give time to handle breaking changes in those PRs
       default-days: 25
       semver-major-days: 5
+registries:
+  npm-npmjs:
+    type: npm-registry
+    url: https://npm.package-registry.brightspace.com/
+    replaces-base: true
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 10dc05f1..c03520bd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,10 +8,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: Brightspace/third-party-actions@actions/checkout
-      - uses: Brightspace/setup-node@main
+      - uses: Brightspace/setup-node@v2
         with:
-          node-version-file: .nvmrc
           cache: 'npm'
+          node-version-file: .nvmrc
+          registry-auth-token: ${{ secrets.D2L_PACKAGE_REGISTRY_AUTH_TOKEN }}
       - name: Install dependencies
         run: npm ci
       - name: Lint (JavaScript)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9f066aba..d4a39cff 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,10 +17,11 @@ jobs:
         uses: Brightspace/third-party-actions@actions/checkout
         with:
           persist-credentials: false
-      - uses: Brightspace/setup-node@main
+      - uses: Brightspace/setup-node@v2
         with:
-          node-version-file: .nvmrc
           cache: 'npm'
+          node-version-file: .nvmrc
+          registry-auth-token: ${{ secrets.D2L_PACKAGE_REGISTRY_AUTH_TOKEN }}
       - name: Semantic Release
         uses: BrightspaceUI/actions/semantic-release@semantic-release-beta-test
         with:
diff --git a/.github/workflows/update-package-lock.yml b/.github/workflows/update-package-lock.yml
index 4f22b44e..b44d70f5 100644
--- a/.github/workflows/update-package-lock.yml
+++ b/.github/workflows/update-package-lock.yml
@@ -12,10 +12,11 @@ jobs:
       - uses: Brightspace/third-party-actions@actions/checkout
         with:
           token: ${{ secrets.PR_GITHUB_TOKEN }}
-      - uses: Brightspace/setup-node@main
+      - uses: Brightspace/setup-node@v2
         with:
-          node-version-file: .nvmrc
           cache: 'npm'
+          node-version-file: .nvmrc
+          registry-auth-token: ${{ secrets.D2L_PACKAGE_REGISTRY_AUTH_TOKEN }}
       - name: Update package-lock.json
         uses: BrightspaceUI/actions/update-package-lock@main
         with:
diff --git a/.github/workflows/vdiff.yml b/.github/workflows/vdiff.yml
index 92efd03e..06ecc185 100644
--- a/.github/workflows/vdiff.yml
+++ b/.github/workflows/vdiff.yml
@@ -6,10 +6,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: Brightspace/third-party-actions@actions/checkout
-      - uses: Brightspace/setup-node@main
+      - uses: Brightspace/setup-node@v2
         with:
-          node-version-file: .nvmrc
           cache: 'npm'
+          node-version-file: .nvmrc
+          registry-auth-token: ${{ secrets.D2L_PACKAGE_REGISTRY_AUTH_TOKEN }}
       - name: Install dependencies
         run: npm ci
       - name: vdiff Tests
diff --git a/.npmrc b/.npmrc
index 97b895e2..93feb0c7 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1,2 @@
 ignore-scripts=true
+registry=https://npm.package-registry.brightspace.com/
diff --git a/package.json b/package.json
index 3b67e8a1..274fbc6e 100644
--- a/package.json
+++ b/package.json
@@ -40,7 +40,8 @@
     "/src"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
     "@brightspace-ui/intl": "^3",

From af32fdae0ad9dec4875fa47b1cfcf89b8ff96680 Mon Sep 17 00:00:00 2001
From: Dave Lockhart <dlockhart@users.noreply.github.com>
Date: Tue, 26 May 2026 09:50:53 -0400
Subject: [PATCH 2/2] try adding token

---
 .github/dependabot.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 64dcfaaf..2153f52c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -13,4 +13,5 @@ registries:
   npm-npmjs:
     type: npm-registry
     url: https://npm.package-registry.brightspace.com/
+    token: ${{ secrets.D2L_PACKAGE_REGISTRY_AUTH_TOKEN }}
     replaces-base: true