To use JFrog Artifactory with V0 by Vercel, configure your V0-exported project's .npmrc file to point to your Artifactory npm registry for private package resolution. This is a development workflow integration — you set up the registry once in your project configuration, and Vercel reads it automatically during builds to install private packages.
Use Private npm Packages from JFrog Artifactory in Your V0 Project
JFrog Artifactory is the standard artifact management solution in enterprise software development. If your company maintains private npm packages — shared UI components, internal utility libraries, proprietary SDKs — they are almost certainly stored in Artifactory. When you build a V0-generated Next.js app that needs to consume these packages, you need to tell both your local development environment and Vercel's build system where to find them.
The integration is a development workflow configuration, not a runtime API integration. Artifactory is only involved during the npm install step of your build. The key files are .npmrc (which tells npm where to find packages and how to authenticate) and your Vercel environment variables (which supply the Artifactory token without hardcoding credentials in your repository).
This guide covers the complete setup from exporting your V0 project to configuring Vercel builds. The pattern works for both JFrog Artifactory Cloud (via jfrog.io) and self-hosted Artifactory instances. It also applies to Artifactory-hosted proxy repositories that cache public npm packages for air-gapped environments.
Integration method
JFrog Artifactory integrates with V0-exported Next.js projects through .npmrc configuration. When you export your V0 project and deploy to Vercel, Vercel reads the .npmrc file in the project root to resolve private npm packages from your Artifactory registry. No runtime API calls are needed — Artifactory is used purely at build time for dependency installation.
Prerequisites
- A JFrog Artifactory instance (cloud at yourcompany.jfrog.io or self-hosted) with an npm repository configured
- An Artifactory user account with read access to the npm repository, and an API token (Identity Token) for that account
- A V0 project exported to GitHub (V0 → Git panel → Connect → Push to GitHub)
- A Vercel project connected to the same GitHub repository
- The npm package scoped names you need to install (e.g., @company/package-name)
Step-by-step guide
Export Your V0 Project to GitHub
Export Your V0 Project to GitHub
Before configuring Artifactory, export your V0 project to a GitHub repository where you can edit files. In V0, click the Git panel in the left sidebar (the branching icon). If you have not connected GitHub yet, click 'Connect' and authorize V0 to access your GitHub account. Once connected, V0 will create a repository and push your project code. The repository will include the standard Next.js file structure: app/ directory, package.json, next.config.ts, and tsconfig.json. After the push completes, you can clone the repository locally or edit files directly in the GitHub web interface. You will need to add two configuration files to the repository: .npmrc (for registry configuration) and potentially update .gitignore to ensure you do not commit credentials. If you already have a Vercel project connected to the GitHub repo, any changes you push will automatically trigger a new Vercel deployment. Take note of your project root — that is where you will add the .npmrc file.
Pro tip: If you prefer not to commit .npmrc to the repository (to avoid accidentally including credentials), you can configure the npm registry entirely through Vercel's NPM_CONFIG_REGISTRY and NPM_TOKEN environment variables without a .npmrc file.
Expected result: Your V0 project code is in a GitHub repository. You can see app/package.json and the Next.js project structure in the repo.
Create an Artifactory Identity Token
Create an Artifactory Identity Token
Your Vercel build needs credentials to authenticate with Artifactory when downloading private packages. The recommended credential type is an Artifactory Identity Token (also called an API Key in older versions). Log in to your Artifactory instance — for Artifactory Cloud, go to yourcompany.jfrog.io. Click your username in the top right, then 'Edit Profile' or 'Set Me Up'. In the profile page, find the 'Identity Tokens' section (or 'API Key' in older Artifactory versions). Click 'Generate a Token' or 'Generate API Key'. Copy the token value — it will look like a long alphanumeric string. This token grants the same access to Artifactory repositories as your user account, so it should be treated as a secret password. You will add this token as a Vercel environment variable in the next step, not in any file in your repository. If you have an npm-specific virtual repository in Artifactory (which aggregates multiple local and remote npm repos), note its URL — it will look like https://yourcompany.jfrog.io/artifactory/api/npm/npm-virtual/.
Pro tip: Create a dedicated service account in Artifactory for your Vercel builds rather than using a personal account token. This prevents build failures if your personal account is disabled or the token is rotated.
Expected result: You have an Artifactory Identity Token copied and ready to use as a secret. You also have the npm repository URL for your Artifactory instance.
Configure .npmrc for Artifactory Registry
Configure .npmrc for Artifactory Registry
The .npmrc file in your project root tells npm (and Vercel's build system) where to find packages and how to authenticate. You need to create this file in the root of your exported V0 project. The configuration varies depending on whether all packages come from Artifactory or only scoped packages. For fully private enterprise environments where all packages are proxied through Artifactory, you set Artifactory as the default registry. For mixed scenarios where only specific packages (like @company/* scoped packages) come from Artifactory and the rest come from the public npm registry, you configure only the scoped registry. The authentication token uses a special format in .npmrc: the registry URL without the https: prefix, followed by :_authToken. The actual token value should come from an environment variable reference (${ARTIFACTORY_TOKEN}) rather than being hardcoded — this is critical for security. The .npmrc file with environment variable references is safe to commit to Git because it contains no actual credentials, only variable names.
1# .npmrc — commit this file to your repository2# Option A: All packages from Artifactory (full proxy)3registry=https://yourcompany.jfrog.io/artifactory/api/npm/npm-virtual/4//yourcompany.jfrog.io/artifactory/api/npm/npm-virtual/:_authToken=${ARTIFACTORY_TOKEN}56# Option B: Only scoped packages from Artifactory (mixed)7@company:registry=https://yourcompany.jfrog.io/artifactory/api/npm/npm-local/8//yourcompany.jfrog.io/artifactory/api/npm/npm-local/:_authToken=${ARTIFACTORY_TOKEN}Pro tip: Use Option B (scoped registry) unless your organization requires all packages to be proxied through Artifactory for security scanning. Option B is simpler to maintain and avoids routing public packages through Artifactory unnecessarily.
Expected result: The .npmrc file is committed to your GitHub repository. It references ${ARTIFACTORY_TOKEN} as a variable placeholder, not a hardcoded credential.
Add ARTIFACTORY_TOKEN to Vercel Environment Variables
Add ARTIFACTORY_TOKEN to Vercel Environment Variables
Vercel automatically reads .npmrc during the build process and substitutes environment variable references like ${ARTIFACTORY_TOKEN} with their actual values. This means you only need to set ARTIFACTORY_TOKEN once in the Vercel Dashboard, and it will be available for every deployment. Navigate to your Vercel project at vercel.com, click on the project, go to Settings → Environment Variables. Add a new variable named ARTIFACTORY_TOKEN and paste the Identity Token you generated from Artifactory as the value. Set it for the Production, Preview, and Development environments. Since this token is used during the build process (not at runtime), it does not need the NEXT_PUBLIC_ prefix — Vercel makes all environment variables available to the build environment regardless of prefix. If you have separate Artifactory repositories for development and production (which is common in enterprise setups), you can create two different tokens and configure them per environment scope in Vercel. Click Save after adding the variable.
1# Vercel environment variable to configure:2# Name: ARTIFACTORY_TOKEN3# Value: your-artifactory-identity-token4# Environments: Production, Preview, DevelopmentPro tip: After adding the environment variable, trigger a manual redeployment from the Vercel Deployments tab. New environment variables do not take effect until the next deployment.
Expected result: ARTIFACTORY_TOKEN is set in Vercel Dashboard. The next deployment will use this token to authenticate npm package downloads from Artifactory.
Verify the Build and Install Private Packages
Verify the Build and Install Private Packages
Trigger a new Vercel deployment to test the Artifactory configuration. The easiest way is to push a small change to your GitHub repository — edit a comment in any file and push. Vercel will automatically detect the push and start a new deployment. Watch the build logs in the Vercel dashboard (click the deployment → View Build Logs). During the npm install step, you will see Vercel downloading packages. If Artifactory is correctly configured, packages from your private registry will appear in the install log alongside public npm packages. If authentication fails, you will see errors like 'E403 Forbidden' or '401 Unauthorized' with the Artifactory registry URL. Common causes include a typo in the registry URL in .npmrc, a token with insufficient permissions in Artifactory, or the environment variable name not matching exactly what is referenced in .npmrc (case-sensitive). If you need to install a private package in your V0 project, add it to package.json dependencies like any other npm package — the registry configuration handles where npm looks for it. For teams managing complex multi-tenant Artifactory setups with virtual repositories spanning multiple organizations, RapidDev can help structure the .npmrc configuration for Vercel compatibility.
1// Verify private package access locally before deploying:2// 1. Create .env.local with ARTIFACTORY_TOKEN=your-token3// 2. Run: npm install4// If private packages install successfully, Vercel will work the same way.56// Example package.json entry for private package:7{8 "dependencies": {9 "@company/design-system": "^2.1.0",10 "@company/api-client": "^1.5.3"11 }12}Pro tip: Run npm install locally with your .env.local containing ARTIFACTORY_TOKEN before pushing to Vercel — this catches .npmrc configuration errors faster than waiting for a Vercel build.
Expected result: The Vercel build log shows npm installing packages from Artifactory without authentication errors. Private packages are resolved successfully and the deployment completes.
Common use cases
Enterprise Design System Components
Your company has a private npm package of branded React components (@company/design-system) stored in Artifactory. A V0-generated app needs to use these components instead of default shadcn/ui. Configuring .npmrc lets V0 projects consume the private package during Vercel builds.
Copy this prompt to try it in V0
Internal Utility Library Integration
Your team maintains private utility packages (@company/api-client, @company/auth-helpers) in Artifactory. V0-generated Next.js apps can import and use these packages after configuring the registry in .npmrc.
Copy this prompt to try it in V0
Air-Gapped npm Proxy Cache
In a security-restricted enterprise environment, all npm packages must be installed from an internal Artifactory proxy repository that mirrors the public npm registry. This ensures every package is scanned for vulnerabilities before installation.
Copy this prompt to try it in V0
Troubleshooting
npm ERR! 403 Forbidden when Vercel tries to install packages from Artifactory
Cause: The ARTIFACTORY_TOKEN environment variable is incorrect, not set for the correct environment, or the Artifactory user does not have read permission on the repository.
Solution: Verify ARTIFACTORY_TOKEN is set in Vercel Dashboard → Settings → Environment Variables for the Production environment. Test the token locally by running npm install with ARTIFACTORY_TOKEN set in your shell. In Artifactory, check the user's permissions on the npm repository under Administration → Repositories → select repo → Permissions.
npm ERR! 401 Unauthorized — the .npmrc authentication token is not being picked up
Cause: The environment variable reference syntax in .npmrc is incorrect, or Vercel is not substituting the variable. This often happens when using ${ARTIFACTORY_TOKEN} without the curly braces.
Solution: Ensure the .npmrc uses the correct syntax: //registry.url/:_authToken=${ARTIFACTORY_TOKEN} with curly braces. Verify the variable name in .npmrc matches exactly (case-sensitive) the variable name set in Vercel Dashboard.
1# Correct format:2//yourcompany.jfrog.io/artifactory/api/npm/npm-virtual/:_authToken=${ARTIFACTORY_TOKEN}Package not found — npm cannot find @company/private-package even with Artifactory configured
Cause: The package exists in a different Artifactory repository than the one configured in .npmrc, or the package scope in .npmrc does not match the package's actual npm scope.
Solution: In Artifactory, search for the package name to find which repository it lives in. Ensure the repository URL in .npmrc exactly matches the repository where the package is published. For scoped packages, ensure the @scope prefix in .npmrc matches the package scope.
Best practices
- Use environment variable references (${ARTIFACTORY_TOKEN}) in .npmrc rather than hardcoded tokens — this makes .npmrc safe to commit to Git
- Create a dedicated Artifactory service account for Vercel builds with read-only access to only the required repositories
- Rotate Artifactory tokens regularly and update the Vercel environment variable — set a calendar reminder for token expiry
- Use Artifactory virtual repositories that aggregate local and remote repos, so you only need one registry URL in .npmrc
- Test your .npmrc configuration locally by setting ARTIFACTORY_TOKEN in your shell before pushing to Vercel
- Add .npmrc to .gitignore if you ever need to store actual tokens locally — use a separate .npmrc.example with variable references for documentation
Alternatives
Docker (with Artifactory as the container registry) is the better choice when you need to containerize your Next.js app instead of deploying to Vercel's serverless infrastructure.
For small teams, using Git submodules or npm packages installed directly from a private GitHub repository is simpler than running a full Artifactory instance.
GitLab Package Registry provides a simpler npm registry for teams already using GitLab for source control, without requiring a separate Artifactory infrastructure.
Frequently asked questions
Does Vercel support .npmrc files automatically?
Yes. Vercel reads the .npmrc file in the project root during the npm install step of the build process and substitutes environment variable references. You do not need any special Vercel configuration beyond setting the referenced environment variables in the Dashboard.
Can I use Artifactory with pnpm or yarn instead of npm?
Yes. For pnpm, use .npmrc with the same configuration — pnpm reads the same .npmrc format. For Yarn v1, use .yarnrc.yml with the npmRegistryServer and npmRegistries fields. Vercel supports all three package managers; specify your package manager in package.json engines field.
Do I need Artifactory Pro to use it with Vercel?
The free tier of JFrog Artifactory Cloud (now part of JFrog Free) supports npm repositories and identity tokens. For enterprise features like user group management, LDAP integration, and replication, you need a paid plan. For Vercel integration specifically, the free tier is sufficient.
Is .npmrc with environment variable references safe to commit to GitHub?
Yes, as long as the .npmrc file uses environment variable references (${VARIABLE_NAME}) rather than hardcoded tokens. The file itself contains only configuration and variable names — no actual secret values. The actual token lives in Vercel's environment variable system.
What is the difference between a local, remote, and virtual repository in Artifactory?
A local repository stores packages you publish yourself. A remote repository is a proxy cache for an external registry like npmjs.com. A virtual repository aggregates multiple local and remote repos into a single URL. For .npmrc configuration, always point to a virtual repository — it lets developers install both your private packages and public npm packages from one endpoint.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation