My scenario is that our NPM server is a locally-running Artifactory instance and every interaction with is requires authentication - even reads. I'm getting a 403 during the call to get the last release. This call configures the npm client with the auth property, but does not set alwaysAuth: true and does not provide a way for me to configure this plugin to do that. I've tested it locally and adding that option solves my issue.

I assume that we don't want to set always set that to true for all users, but at least providing a way to configure this plugin to operate in that mode would help me. I could start working on a pull request if you think adding this is the right thing to do. Thanks.