Tips for Using a Private NPM Registry

Continuing the NPM registry series (*), we will analyze the GitHub solution to this problem: Github Package. This allows us to host our software packages privately or publicly and use packages as dependencies in our projects. Let’s give it a try!

GitHub Packages: Streamlining DevOps Workflows and Package Management

GitHub Packages combines our source code and packages in one place to provide integrated permissions management and billing so that you can centralize your software development on GitHub.

You can integrate GitHub Packages with GitHub APIs, GitHub Actions, and webhooks to create an end-to-end DevOps workflow that includes your code, CI, and deployment solutions.

GitHub Packages offers different package registries for commonly used package managers, such as npm, RubyGems, Apache Maven, Gradle, Docker, and NuGet.

GitHub Packages

To start, we can choose a limited free-use package. Then, if we need more features, these are the plan’s pricing.

For Example…

  1. To start with GitHub Packages, we will need to have a GitHub account and be using it as version control of our project.

  2. Here, we can follow a simple Quickstart to create an example repository with a simple GitHub action to automatically generate a package each time a new release of our product is created.


    3. We will need to authenticate to publish a package directly from our local environment or consume the library. To achieve this, we will need to
        create a personal access token.

GitHub Packages with NPM: Working with the Repository Locally

So we can authenticate to GitHub Packages with NPM by either editing your per-user ~/.npmrc file to include your access token or by logging in to NPM on the command line using your username and personal access token.

To authenticate by adding your access token to your ~/.npmrc file, edit your project’s ~/.npmrc file to include the following line, replacing TOKEN with your access token. Create a new ~/.npmrc file if one doesn’t exist.


You can also authenticate it by logging in to npm, using the npm login command, replacing USERNAME with your GitHub username, TOKEN with your persona access token, and PUBLIC-EMAIL-ADDRESS with your email address.

					$ npm login --scope=@OWNER --registry=https://npm.pkg.github.com> Username: USERNAME> Password: TOKEN> Email: PUBLIC-EMAIL-ADDRESS


Publishing a Package

Once we have the project and our environment configured, we could avoid the new release creation, we could publish directly from the CLI.

We will need to update the version on the package.json

					{  "name": "@EverseDevelopment/everse.react.toolkit",  "version": "0.0.3",  "private": false,  "description": "E-verse react toolkit",  "main": "dist/index.js",  "license": "MIT",  "dependencies": {...}


Then run this command:

					$ npm publish


Cons & Pros of Working with a Private NPM Registry

This is easier than Verdaccio but still could be a little complicated for non-technical users.
Documentation is good, and GitHub is a reliable platform.
If we need to have your package on-premises, this is not an option.
Once everything is set up, the repository works like a charm.
If we already have the infrastructure and our project is too big, it will be cheaper to avoid the cloud.
Avoid managing Virtual Machines makes everything simpler.
Most things could be managed through the GUI.
If we want to distribute our package, people will feel more confident about having the official repository linked with that package.
What do you think? Have you tried GitHub Package? Let us know what you prefer: working with cloud services or managing your on-prem services? If you have other options, we would like to listen about it!

I'm a Software Engineer passionate about tech. I love to solve the new challenges this profession brings me to move the borders of my knowledge, always enjoying the process and thinking about what the clients need.