diff --git a/plugin/publish/npm/npm.go b/plugin/publish/npm/npm.go
index df02a8eda..069396dbd 100644
--- a/plugin/publish/npm/npm.go
+++ b/plugin/publish/npm/npm.go
@@ -18,7 +18,11 @@ email = %s
 EOF
 `
 
-const CmdPublish = "npm publish %s"
+const (
+	CmdPublish     = "npm publish %s"
+	CmdAlwaysAuth  = "npm set always-auth true"
+	CmdSetRegistry = "npm config set registry %s"
+)
 
 var (
 	DefaultUser  = config.String("npm-user", "")
@@ -61,7 +65,9 @@ type NPM struct {
 func (n *NPM) Write(f *buildfile.Buildfile) {
 	// If the yaml doesn't provide a username or password
 	// we should attempt to use the global defaults.
-	if len(n.Email) == 0 {
+	if len(n.Email) == 0 ||
+		len(n.Username) == 0 ||
+		len(n.Password) == 0 {
 		n.Username = *DefaultUser
 		n.Password = *DefaultPass
 		n.Email = *DefaultEmail
@@ -75,8 +81,20 @@ func (n *NPM) Write(f *buildfile.Buildfile) {
 		return
 	}
 
-	var cmd = CmdPublish
+	// Setup the npm credentials
+	f.WriteCmdSilent(fmt.Sprintf(CmdLogin, n.Username, n.Password, n.Email))
 
+	// Setup custom npm registry
+	if len(n.Registry) != 0 {
+		f.WriteCmd(fmt.Sprintf(CmdSetRegistry, n.Registry))
+	}
+
+	// Set npm to always authenticate
+	if n.AlwaysAuth {
+		f.WriteCmd(CmdAlwaysAuth)
+	}
+
+	var cmd = fmt.Sprintf(CmdPublish, n.Folder)
 	if len(n.Tag) != 0 {
 		cmd += fmt.Sprintf(" --tag %s", n.Tag)
 	}
@@ -85,20 +103,7 @@ func (n *NPM) Write(f *buildfile.Buildfile) {
 		cmd += " --force"
 	}
 
-	// Setup the npm credentials
-	f.WriteCmdSilent(fmt.Sprintf(CmdLogin, n.Username, n.Password, n.Email))
-
-	// Setup custom npm registry
-	if len(n.Registry) != 0 {
-		f.WriteCmd(fmt.Sprintf("npm config set registry %s", n.Registry))
-	}
-
-	// Set npm to always authenticate
-	if n.AlwaysAuth {
-		f.WriteCmd("npm set always-auth true")
-	}
-
-	f.WriteCmd(fmt.Sprintf(cmd, n.Folder))
+	f.WriteCmd(cmd)
 }
 
 func (n *NPM) GetCondition() *condition.Condition {
diff --git a/plugin/publish/npm/npm_test.go b/plugin/publish/npm/npm_test.go
index cd61492d0..b0562c5d2 100644
--- a/plugin/publish/npm/npm_test.go
+++ b/plugin/publish/npm/npm_test.go
@@ -1,8 +1,10 @@
 package npm
 
 import (
+	"strings"
 	"testing"
 
+	"github.com/drone/drone/shared/build/buildfile"
 	"github.com/franela/goblin"
 )
 
@@ -10,13 +12,142 @@ func Test_NPM(t *testing.T) {
 
 	g := goblin.Goblin(t)
 	g.Describe("NPM Publish", func() {
-		g.It("Should set force")
-		g.It("Should set tag")
-		g.It("Should set registry")
-		g.It("Should set always-auth")
-		g.It("Should run publish")
-		g.It("Should create npmrc")
-		g.It("Should fail when no username or password")
-		g.It("Should use default username or password")
+
+		g.BeforeEach(func() {
+			var user, pass, email = "", "", ""
+			DefaultEmail = &user
+			DefaultUser = &pass
+			DefaultPass = &email
+		})
+
+		g.It("Should run publish", func() {
+			b := new(buildfile.Buildfile)
+			n := NPM{
+				Email:    "foo@bar.com",
+				Username: "foo",
+				Password: "bar",
+				Folder:   "/path/to/repo",
+			}
+
+			n.Write(b)
+			out := b.String()
+			g.Assert(strings.Contains(out, "\nnpm publish /path/to/repo\n")).Equal(true)
+			g.Assert(strings.Contains(out, "\nnpm set")).Equal(false)
+			g.Assert(strings.Contains(out, "\nnpm config set")).Equal(false)
+		})
+
+		/*
+			n := NPM{
+				Email:      "foo@bar.com",
+				Username:   "foo",
+				Password:   "bar",
+				Force:      true,
+				Registry:   "",
+				Folder:     "/path/to/repo",
+				Tag:        "1.0.0",
+				AlwaysAuth: false,
+			}
+		*/
+
+		g.It("Should set force", func() {
+			b := new(buildfile.Buildfile)
+			n := NPM{
+				Email:    "foo@bar.com",
+				Username: "foo",
+				Password: "bar",
+				Folder:   "/path/to/repo",
+				Force:    true,
+			}
+
+			n.Write(b)
+			g.Assert(strings.Contains(b.String(), "\nnpm publish /path/to/repo --force\n")).Equal(true)
+		})
+
+		g.It("Should set tag", func() {
+			b := new(buildfile.Buildfile)
+			n := NPM{
+				Email:    "foo@bar.com",
+				Username: "foo",
+				Password: "bar",
+				Folder:   "/path/to/repo",
+				Tag:      "1.0.0",
+			}
+
+			n.Write(b)
+			g.Assert(strings.Contains(b.String(), "\nnpm publish /path/to/repo --tag 1.0.0\n")).Equal(true)
+		})
+
+		g.It("Should set registry", func() {
+			b := new(buildfile.Buildfile)
+			n := NPM{
+				Email:    "foo@bar.com",
+				Username: "foo",
+				Password: "bar",
+				Folder:   "/path/to/repo",
+				Registry: "https://npmjs.com",
+			}
+
+			n.Write(b)
+			g.Assert(strings.Contains(b.String(), "\nnpm config set registry https://npmjs.com\n")).Equal(true)
+		})
+
+		g.It("Should set always-auth", func() {
+			b := new(buildfile.Buildfile)
+			n := NPM{
+				Email:      "foo@bar.com",
+				Username:   "foo",
+				Password:   "bar",
+				Folder:     "/path/to/repo",
+				AlwaysAuth: true,
+			}
+
+			n.Write(b)
+			g.Assert(strings.Contains(b.String(), CmdAlwaysAuth)).Equal(true)
+		})
+
+		g.It("Should skip when no username or password", func() {
+			b := new(buildfile.Buildfile)
+			n := new(NPM)
+
+			n.Write(b)
+			g.Assert(b.String()).Equal("")
+		})
+
+		g.It("Should use default username or password", func() {
+			b := new(buildfile.Buildfile)
+			n := new(NPM)
+
+			expected := `cat <<EOF > ~/.npmrc
+_auth = $(echo "foo:bar" | tr -d "\r\n" | base64)
+email = foo@bar.com
+EOF`
+
+			var user, pass, email string = "foo", "bar", "foo@bar.com"
+			DefaultUser = &user
+			DefaultPass = &pass
+			DefaultEmail = &email
+
+			n.Write(b)
+			g.Assert(strings.Contains(b.String(), expected)).Equal(true)
+		})
+
+		g.It("Should create npmrc", func() {
+			b := new(buildfile.Buildfile)
+			n := NPM{
+				Email:      "foo@bar.com",
+				Username:   "foo",
+				Password:   "bar",
+				Folder:     "/path/to/repo",
+				AlwaysAuth: true,
+			}
+
+			expected := `cat <<EOF > ~/.npmrc
+_auth = $(echo "foo:bar" | tr -d "\r\n" | base64)
+email = foo@bar.com
+EOF`
+
+			n.Write(b)
+			g.Assert(strings.Contains(b.String(), expected)).Equal(true)
+		})
 	})
 }