62

I have just published a private package on GitHub, trying to figure out how it should be working. now I'm trying to install it in another project. I authenticated with npm login --registry=https://npm.pkg.github.com with an access token that has write:packages, read:packages and repo privileges. While trying to run npm install https://npm.pkg.github.com/@orgname/package-name I get an error message:

npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="GitHub Package Registry"

How can I add/get this privilege?

Michał Sadowski
  • 1,632
  • 1
  • 9
  • 22
  • This question https://stackoverflow.com/questions/53099434/using-auth-tokens-in-npmrc helped me with the subject, but note that unlike the answer said, I had to add `${...}` around the environment variable to make it work. – SigmaSoldier Jun 10 '21 at 06:44

6 Answers6

81

You need to generate a personal access token on Github and add it to your npm config in addition to setting the registry in the npm config:

  • In Github navigate to https://github.com/settings/tokens (Settings > Developer settings > Personal access tokens) and you should see something like this:

enter image description here

  • Click Generate new token
  • From the permissions select at least read:packages

enter image description here

  • Click Generate token and copy the token

  • Add the following to your local .npmrc:

    @${OWNER}:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${TOKEN}

See the relevant Github Packages documentation

Related: For Github Actions, be aware of the difference between the GITHUB_TOKEN and a personal access token. The Github Token's permissions are limited to the repository that contains your workflow. For anything else (including granular permissions beyond those allowed for the Github Token) you need a personal access token.

br3w5
  • 4,060
  • 3
  • 32
  • 42
  • 4
    You own the green checkmark! I failed to notice those 2 lines were not talking about the same thing. I ended up with `@{{OWNER}}:registry=https://npm.pkg.github.com/:_authToken={{TOKEN}}` which was, of course, not working. Many thanks – maganap Sep 05 '20 at 17:32
  • 2
    Adding `registry=https://npm.pkg.github.com/OWNER` was not enough. This answer helped. – Nikasv Oct 05 '20 at 10:01
  • 1
    The username seems to be case sensitive as well. Keep that in mind. – Lemon Nov 24 '20 at 12:20
  • How about proxy? this configuration cannot bypass the company proxy. I still add it manually to project and looking for configuration now. – Tran Son Hoang Nov 29 '20 at 07:46
  • Is it good idea to commit tokens in repo. i'm pretty new to github actions, should I add those literally in my local .npmrc and they will be supplied behind the scenes in github workflow? Are {{OWNER}} and {{TOKEN}} built-in environment variables? – The.Wolfgang.Grimmer Dec 17 '20 at 03:05
  • OWNER is a built in one but TOKEN can be added as a repository secret (look in repo settings) and needs to be injected somehow see https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets – br3w5 Dec 18 '20 at 13:47
  • 1
    It should be noted that environment variable expansion is the `.npmrc` file is done though the `${}` tokens (Ex: `what=ever/${GITHUB_TOKEN}`). I mention this because at first I thought that was done though double braces like shown above (using `{{...}}`) and this led me to confusion. – SigmaSoldier Jun 10 '21 at 06:30
22

Apparently I'm an idiot who can't read documentation and missed that part:

In the same directory as your package.json file, create or edit an .npmrc file to include a line specifying GitHub Packages URL and the account owner. Replace OWNER with the name of the user or organization account that owns the repository containing your project.

registry=https://npm.pkg.github.com/OWNER

Community
  • 1
  • 1
Michał Sadowski
  • 1,632
  • 1
  • 9
  • 22
5

One other thing to check (this took me a while to realize):

I was getting the specified error:

npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="GitHub Package Registry"

Even though I thought I was correctly supplying a GITHUB TOKEN with the needed permissions.

I had set my github action to set the NODE_AUTH_TOKEN from the organization secret named GPR_PRIVATE_READ_TOKEN, which was working in another repo.

Turns out the issue was that the secret was defined to only be available to private repositories and I was trying to use it in a public repository. When I made the secret available to public repositories everything worked.

My workflow job looked like this (I'm showing all steps up to the install step in case it's helpful to someone to see):

jobs:
  ci:
    name: Run Tests
    steps:
      - name: Use Node.js 12.x
        uses: actions/setup-node@v1
        with:
          node-version: 12.x
          registry-url: https://npm.pkg.github.com/

      - uses: actions/checkout@v2

      - name: Install dependencies based on package-lock.json
        run: npm ci
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GPR_PRIVATE_READ_TOKEN }}
Mike Lippert
  • 1,951
  • 1
  • 17
  • 10
1

If your problem still persist, please be sure that your package name is in correct format.

enter image description here

tekin aydogdu
  • 36
  • 1
  • 4
0

The above answer was the solution for me. The updated version is documented as. Additionally, I had to ensure my PAT (personal access token) was authorized to access my organization repository.

jpt
  • 21
  • 5
-3

This is what worked with me

C:\Program Files\nodejs\node_modules\npm\npmrc

update the file here & your error will be resolved

Parth Developer
  • 1,190
  • 11
  • 26