How to Publish an Internal Package Consumed by Other Repos
Publishing shared code as an internal package to GitHub Packages lets other repos depend on a pinned version instead of duplicating source.
On release, publish the package to GitHub Packages scoped to your org. Consuming repos add a scoped registry line to .npmrc and install it with a token that can read packages.
Steps
- Set the package name to your org scope and
publishConfig.registryto GitHub Packages. - Publish on tag push with the built-in token and
packages: write. - In consumers, point the scope at the registry and authenticate.
Publish workflow
.github/workflows/publish.yml
on:
push:
tags: ['v*']
permissions:
contents: read
packages: write
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: https://npm.pkg.github.com
- run: npm ci && npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}Consumer .npmrc
.npmrc
@my-org:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}Gotchas
- Consumers need a token with
read:packagesto install a private org package. - Bump the package version on every publish; GitHub Packages rejects re-publishing the same version.
Related guides
How to Propagate a Version Bump Across RepositoriesWhen a shared library releases a new version, open update pull requests in every consuming repo automatically…
How to Choose Between Submodule, Subtree, and Package for Shared CodeCompare git submodule, git subtree, and publishing a versioned package for sharing code across repos, with th…