Installing packages from github npm registry - auth error 401

Question

I have just published a private package on GitHub, trying to figure out how it should be working. now I'm trying to install it in another project. I authenticated with npm login --registry=https://npm.pkg.github.com with an access token that has write:packages, read:packages and repo privileges. While trying to run npm install https://npm.pkg.github.com/@orgname/package-name I get an error message:

npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="GitHub Package Registry"

How can I add/get this privilege?

Answer 1

Apparently I'm an idiot who can't read documentation and missed that part:

In the same directory as your package.json file, create or edit an .npmrc file to include a line specifying GitHub Packages URL and the account owner. Replace OWNER with the name of the user or organization account that owns the repository containing your project.

registry=https://npm.pkg.github.com/OWNER

Answer 2

I was struggling to figure out why the .npmrc file would only work if I placed my PAT in plaintext in the file, which just seemed daft! The fix is to set the "TOKEN" environment variable as part of your workflow file. I have:

      - run: npm install
        env:
          TOKEN: ${{ secrets.TOKEN }}

The secrets.TOKEN above refers to a Repository secret that I created for the repository that needs to access github packages: (Repository > Settings > Security > Secrets > Actions)

And the value of this secret was copied from a Personal Access Token I created for myself that only has read:packages scope: (User settings > Developer settings > Personal Access Tokens > Tokens (classic))

It's also reassuring to see that it detects the usage of this token!

Finally, my .npmrc file contains:

@shiraze:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${TOKEN}

I'm using my own username rather than the organisation name as that works for me. I think I could use the organisation name when I upgrade to Github Enterprise.

Answer 3

You need to generate a personal access token on Github and add it to your npm config in addition to setting the registry in the npm config:

• In Github navigate to https://github.com/settings/tokens (Settings > Developer settings > Personal access tokens) and you should see something like this:

• Click Generate new token
• From the permissions select at least read:packages

• Click Generate token and copy the token

• Add the following to your local .npmrc:

  @${OWNER}:registry=https://npm.pkg.github.com
  //npm.pkg.github.com/:_authToken=${TOKEN}
  

See the relevant Github Packages documentation

Related: For Github Actions, be aware of the difference between the GITHUB_TOKEN and a personal access token. The Github Token's permissions are limited to the repository that contains your workflow. For anything else (including granular permissions beyond those allowed for the Github Token) you need a personal access token.

Answer 4

The above answer was the solution for me. The updated version is documented as. Additionally, I had to ensure my PAT (personal access token) was authorized to access my organization repository.

Answer 5

If your problem still persist, please be sure that your package name is in correct format.

Answer 6

One other thing to check (this took me a while to realize):

I was getting the specified error:

npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="GitHub Package Registry"

Even though I thought I was correctly supplying a GITHUB TOKEN with the needed permissions.

I had set my github action to set the NODE_AUTH_TOKEN from the organization secret named GPR_PRIVATE_READ_TOKEN, which was working in another repo.

Turns out the issue was that the secret was defined to only be available to private repositories and I was trying to use it in a public repository. When I made the secret available to public repositories everything worked.

My workflow job looked like this (I'm showing all steps up to the install step in case it's helpful to someone to see):

jobs:
  ci:
    name: Run Tests
    steps:
      - name: Use Node.js 12.x
        uses: actions/setup-node@v1
        with:
          node-version: 12.x
          registry-url: https://npm.pkg.github.com/

      - uses: actions/checkout@v2

      - name: Install dependencies based on package-lock.json
        run: npm ci
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GPR_PRIVATE_READ_TOKEN }}