I have the following statement in my .npmrc:

# scope_name and registry_url are withheld.
@<scope_name>:registry=<registry_url>
<registry_url>:_authToken=${NPM_TOKEN}

To the _authToken=${NPM_TOKEN} in this file, I get error [Npmrc_authToken] found npmrc authToken: ${NPM_TOKEN} @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-npm. However, I think it is ok, since the token is not actually displayed.

If ${NPM_TOKEN} is set in the configuration file, how do I set it to allow the pattern?

I think that we should change the pattern and to allow ${...} token value.

fixed in https://github.com/secretlint/secretlint/releases/tag/v5.2.4