Publishing Node.js Package to GitHub Packages - Error ENEEDAUTH

Question

Hello everyone I am trying to publish my NPM package to GitHub packages using this yaml:

    # This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
    # For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages

    name: Node.js Package (GHP)

    on:
      release:
        types: [created]

    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3
          - uses: actions/setup-node@v3
            with:
              node-version: 18
          - run: npm ci
          - run: npm test

      publish-gpr:
        needs: build
        runs-on: ubuntu-latest
        permissions:
          contents: read
          packages: write
        steps:
          - uses: actions/checkout@v3
          - uses: actions/setup-node@v3
            with:
              node-version: 18
              registry-url: https://npm.pkg.github.com/
          - run: npm ci
          - run: npm publish
            env:
              NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

But I am getting this error which I don't really understand since this is a template by GitHub themselves.

Here You can find my package.json.

I also tried adding a .npmrc file but my workflow still doesn't work.

I am really hoping you guys can help me with this issue. (My publish to NPM workflow works just fine btw, I just can't seem to get it to work with GitHub Packages)

Edit: My NPM account is also linked with GitHub.

Answer 1

ENEEEDAUTH error while trying to publish an NPM package to GitHub Packages, it typically indicates an authentication issue (as illustrated by npm/cli issue 6184).

@vighnesh153 I ran into this today, and it turns out that npm doesn't usually accept an auth token via an environment variable like NODE_AUTH_TOKEN or NPM_TOKEN, unless you specify this explicitly in an .npmrc file, which the setup-node action can create for you

If this does not apply, the rest of your GitHub Actions workflow seems correctly set up for publishing to GitHub Packages, with the NODE_AUTH_TOKEN environment variable being correctly assigned to secrets.GITHUB_TOKEN.

The .npmrc (Roo7K1d:registry=https://npm.pkg.github.com) (before you deleted it) tried to associate your package scope with GitHub's npm registry. However, for it to work correctly, you need to make sure that the scope in your package.json matches the username or organization name on GitHub exactly and is correctly referenced in .npmrc. For GitHub Packages, the correct format usually includes the scope, like:

@Roo7K1d:registry=https://npm.pkg.github.com/

And your package.json name field should include the scope as well:

{
  "name": "@Roo7K1d/wow-calendar.js",
  ...
  "publishConfig": {
    "registry": "https://npm.pkg.github.com/"
  }
}

That is important for GitHub Packages because it uses the scope to route the package to your account. Your publishConfig section seems correctly set, but make sure the scope is included in your package name.

Double-check that your GitHub token has the appropriate permissions for package publication.

Answer 2

IIRC npm publish fails when the package version is already in the registry. The JS-DevTools/npm-publish action can handle such cases without throwing errors:

- name: Push to Github
  uses: JS-DevTools/npm-publish@v3
  with:
    package: 'path/to/package.json'
    registry: 'https://npm.pkg.github.com'
    token: ${{ github.token }}
    access: 'public'
    provenance: true

This way you can control to which registries your package should be published. I use this in all my workflows