Installing private package from Github Package registry using Yarn fails with not authorized

Question

This question is related to these. But none of the solutions worked for me.

• Yarn can't find private Github npm registry
• Installing private package fro

Answer 1

I am adding an answer here because after a day of trying different variations of the solutions here and elsewhere, I found that my issue was something else.

My issue was that, while npm is not case sensitive with regards to package names, yarn is when it comes to authentication!

Answer 2

You need only to use .npmrc in the root of your project with this content:

//npm.pkg.github.com/:_authToken=GITHUB_PERSONAL_TOKEN
@OWNER:registry=https://npm.pkg.github.com

Keep in mind that GITHUB_PERSONAL_TOKEN needs read:packages scope permissions in order to read the packages from your private repo.

Answer 3

The following worked for me in .npmrc

@mvce-superstars:registry=https://npm.pkg.github.com

Using yarn v2, the following worked for me in .yarnrc.yml:

npmScopes:
  "mvce-superstars":
    npmAlwaysAuth: true
    npmRegistryServer: "https://npm.pkg.github.com"

Firstly, note the lowercase scope name. This is supposed to be the name of the owner of the repository (MVCE-Superstars) where the package was published, but the name has to be all lower-cased.

---

The setup

Publishing

• I created a private copy of this hello-world repository.
• I copied over the above .npmrc OR .yarnrc.yml file into the repoository.
• Next I logged in using the npm login --registry=https://npm.pkg.github.com/ OR yarn npm login --scope=mvce-superstars command
• I entered my github user name, and my token (with scopes read:package, write:package, and repo)
• Finally, I pushed the package to my private repo using npm publish OR yarn npm publish

Output

npm notice 
npm notice