Skip to content
Latchkey

How to Publish an npm Package to GitHub Packages

Set the registry to npm.pkg.github.com scoped to your org and authenticate with the built-in GITHUB_TOKEN, so no separate publish secret is needed.

GitHub Packages hosts npm packages under npm.pkg.github.com. The package name must be scoped to the owner (for example @my-org/pkg). CI authenticates with the automatically provided GITHUB_TOKEN plus packages: write permission.

Steps

  • Scope the package name to the owner, e.g. @my-org/tool in package.json.
  • Set registry-url to https://npm.pkg.github.com in setup-node.
  • Grant packages: write and publish with NODE_AUTH_TOKEN set to GITHUB_TOKEN.

Workflow

.github/workflows/ci.yml
permissions:
  contents: read
  packages: write
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          registry-url: 'https://npm.pkg.github.com'
          scope: '@my-org'
      - run: npm ci
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.npmrc

.npmrc
@my-org:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}

Gotchas

  • The scope in package.json must match the GitHub owner or publish returns 404 Not Found.
  • Consumers also need a .npmrc line mapping the scope to npm.pkg.github.com.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →