Open in app

Sign in

Write

Sign in

Publishing private NPM packages via GitHub

Prajwol KC
readytowork-org
Published in
2 min readMar 19, 2023

--

When using the NPM package, there are certain conditions where we need to install the NPM package that is private and only specific to our use case. This package is tagged as private which is not installed by the public user except our own entity.

We can create a package and test it as private. We can follow the following step.

The first step is to Publish the Package to Github

Create a file release-package.yml inside .github/workflows folder.

.github/workflows/release-package.yml

A sample file as

name: Node.js Package relase

on:
  release:
    types: [created]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 16
      - run: npm ci

  publish-gpr:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 16
          registry-url: https://npm.pkg.github.com/
      - run: npm ci
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}${{secrets.GITHUB_TOKEN}}

${{secrets.GITHUB_TOKEN}} — This should be generated from the GitHub token generator. https://github.com/settings/tokens

We can add an npm test if needed as — run: npm test

Just commit the changes to the package and push it to our private repo.

The work on the package is done. The publishing package is now private.

Now we need to add the private package to our project. Create .npmrc file

Inside npmrc file, the content will be like this

# In case of scripbox packages, scope is going to be scripbox
@<scope>:registry = https://npm.pkg.github.com

_authToken = <AUTH_TOKEN>
always-auth = true<scope> should be the repo owner label

<AUTH_TOKEN> should be generated from https://github.com/settings/tokens with proper permission.

Now just need to add the private package which will be an authorized repo, as

yarn add @xyz/xyz-abc@1.0.0

The version number will be fetched from the publishing package as a tag.

Now we are using the private package, in our project which won’t be accessed by the public.

Ref: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-npm-registry#installing-a-package

Originally published at https://prajwol-kc.com.np on March 19, 2023.

Github
Npm Package

--

--

Prajwol KC
readytowork-org

Written by Prajwol KC

46 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams