Here’s an overview of the steps we’re covering:
Before we can start consuming private packages, the registry needs to know who you are each time you try to access it. That’s why we’ll start by creating a personal access token on GitHub. Your system will use it each time it needs to access the GitHub Packages Registry to install libraries.
Start by creating a personal token on GitHub:
Notefield, put down “GitHub Packages” as the description, so we’ll know what we used this token for in the future
Select scopes, select the
repo option: (checking the
repo scope, should automatically check all the options under it:)
We’re going to authenticate you into the GitHub Packages Registry by using your GitHub username and the Personal Access Token you just created as the password. To do so, pull up your Terminal and follow these steps:
npm login --registry=https://npm.pkg.github.com and enter these options:
Now npm will know how to forward your authentication credentials to the GitHub Packages Registry every time we try to access it. That way GitHub Packages will know who you are and what packages you have access to.
Let’s create a new file at the root of your project called
.npmrc. This file will instruct npm (or yarn) to pull packages directly from the GitHub Packages Registry. Below is an example of what your file should look like:
# File location: `~/some-directory/your-project/.npmrc` # Registry for the @my-org scope @my-org:registry=https://npm.pkg.github.com/
Now any libraries you add via
yarn that use the
@my-org scope will be installed directly from the GitHub Packages Registry.
The GitHub Packages Registry requires library authors to follow a few conventions when publishing packages. Understanding those conventions will add some color to how we’re configuring your development environment.
@angular, such as
The scope that library authors must use can be either their GitHub usernames, or their GitHub organization’s name, such as
It’s my personal preference to configure package consumption by project, thereby adding an
.npmrc file to each of my projects that will consume private libraries from the GitHub Packages Registry.
You should already have an npm configuration file under your user’s home directory, namely
~/.npmrc. Add the same lines mentioned above for the per-project configuration:
# File location: ~/.npmrc # Registry for the @my-org scope @my-org:registry=https://npm.pkg.github.com/
Now every time you install any packages under the
@my-org scope anywhere on your machine, npm will know to fetch those packages from the GitHub Packages Registry.
After configuring your work environment, you’ll be able to follow the same steps you usually do to install any packages.
Pull up your terminal and run:
npm install @my-org/package-name --save
If you prefer to use
yarn, all the previous steps we followed should work seamlessly for it.
yarn add @my-org/package-name
If you’d like a deeper dive into GitHub Packages, I would suggest browsing through their documentation to learn more about how to configure npm for use with GitHub Packages, among other use cases.
I hope this a helpful resource as you get a good handle on how to consume private npm libraries using GitHub Packages. Please feel free to reach out to me, preferrably via Twitter, if you think this guide is missing any key information.
Copyright © 2020 Sergio Cruz. All rights reserved.