Installing private package from Github Package registry fails with not found/not authorized

15
votes

I created and published a private Github package. Trying to install it with yarn at first, I face the following issue:

Whether I try with yarn or npm, it cannot find the package at all although following the exact steps documented by Github (https://help.github.com/en/github/managing-packages-with-github-package-registry/configuring-npm-for-use-with-github-package-registry).

My .yarnrc:

registry "https://npm.pkg.github.com/OWNER"

With yarn, it continuously tries to look for the package at https://registry.yarnpkg.com/@GITHUB_USERNAME instead of the registry I entered above.

Remark: in .yarnrc registries need to be added following a slightly different syntax:

registry "https://npm.pkg.github.com/"

So far I started to also play around with a mix of .npmrc and .yarnrc configurations but no luck.

-

EDIT (Partly solved)

I figured out how to actually access the package, both using npm or - in my case - yarn. Now I face the issue of a Request failed \"401 Unauthorized\" error, although I added the credentials on top of .yarnrc:

//npm.pkg.github.com/:_authToken=AUTH_TOKEN

Doing the same in .npmrc doesn't work either.

3
npmyarnpkginstall.packagesgithub-package-registry
Vote on this proposal to ease the tag confusion.leonheess

3 Answers

27
votes

I found the solution which unfortunately is not well documented anywhere but a mix of different resources - and it's quite simple.

No matter whether you use npm or yarn, just have the following .npmrc in place (yarn will also include this):

registry=https://registry.yarnpkg.com/

@GITHUB_USERNAME:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=AUTH_TOKEN
always-auth=true

Some comments:

  • always-auth is needed, at least when using yarn (haven't tested using npm)
  • Adding the above in the .yarnrc instead doesn't work. Somehow yarn has issues when authentication is needed.
  • Now you can easily install your private packages with yarn add @GITHUB_USERNAME/PACKAGE_NAME or the npm equivalent.
  • Include registry=https://registry.yarnpkg.com/ for yarn or registry=https://registry.npmjs.org/ for npm

I hope this solution works also in your case. Otherwise let me know what issues you face and I'm happy to share some of the research on this topic and where the solution may hide.

2
votes

I am adding an answer here because after a day of trying different variations of the solutions here and elsewhere, I found that my issue was something else.

My issue was that, while npm is not case sensitive with regards to package names, yarn is when it comes to authentication! 🤦‍♂️

So, using the example from the accepted solution above:

registry=https://registry.yarnpkg.com/

@GITHUB_USERNAME:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=AUTH_TOKEN
always-auth=true

I needed to ensure two things:

  1. @GITHUB_USERNAME needs to match the case that you see on github and the name the package was published under. I.e., if your username is Pickle-Rick, you need to put @Pickle-Rick:registry=https://npm.pkg.github.com, not @pickle-rick or @Pickle-rick.

  2. You need to match this casing in your package.json or your yarn add command - whichever you are using. For example:

    "@Pickle-Rick/schwifty": "^1.0.0" in package.json or yarn add @Pickle-Rick/schwifty.

I found this solution by digging through yarn github issues.

1
votes

What you need to do is specify where to retrieve EACH package, with something like this in your .npmrc (I don't know the yarn syntax, but it works with yarn when it reads the .npmrc):

//registry.npmjs.org/:_authToken=<token-npm-read>
//npm.pkg.github.com/:_authToken=<token-github-package-read>
@foo:registry=https://npm.pkg.github.com
@far:registry=https://registry.npmjs.org

And then, Yarn will search @foo/mypackage1 in Github, where @far/mypackage2 will be searched in npmjs. The default registry will be kept for the others, whatever you set it to.