Access token not working

0 info it worked if it ends with ok
1 verbose cli [
1 verbose cli   'C:\\Program Files\\nodejs\\node.exe',
1 verbose cli   'C:\\Users\\lynds\\AppData\\Roaming\\npm\\node_modules\\npm\\bin\\npm-cli.js',
1 verbose cli   'login',
1 verbose cli   '--registry=https://npm.pkg.github.com'
1 verbose cli ]
2 info using npm@6.14.5
3 info using node@v12.16.1
4 verbose npm-session 7e677c48d13ee81b
5 verbose web login before first POST
6 http fetch POST 404 https://npm.pkg.github.com/-/v1/login 403ms
7 verbose web login not supported, trying couch
8 verbose login before first PUT {
8 verbose login   _id: 'org.couchdb.user:callumok2004',
8 verbose login   name: 'callumok2004',
8 verbose login   password: 'XXXXX',
8 verbose login   type: 'user',
8 verbose login   roles: [],
8 verbose login   date: '2020-07-04T01:17:27.792Z'
8 verbose login }
9 http fetch PUT 401 https://npm.pkg.github.com/-/user/org.couchdb.user:callumok2004 267ms
10 verbose adduser before first PUT {
10 verbose adduser   _id: 'org.couchdb.user:callumok2004',
10 verbose adduser   name: 'callumok2004',
10 verbose adduser   password: 'XXXXX',
10 verbose adduser   email: 'callumokane123@gmail.com',
10 verbose adduser   type: 'user',
10 verbose adduser   roles: [],
10 verbose adduser   date: '2020-07-04T01:17:28.064Z'
10 verbose adduser }
11 http fetch PUT 401 https://npm.pkg.github.com/-/user/org.couchdb.user:callumok2004 245ms
12 verbose stack Error: 401 Unauthorized - PUT https://npm.pkg.github.com/-/user/org.couchdb.user:callumok2004 - Error authenticating user: Personal Access Token is invalid. Your token must have the `repo` and read:packages` scopes to login to the GitHub Package Registry.
12 verbose stack     at C:\Users\lynds\AppData\Roaming\npm\node_modules\npm\node_modules\npm-registry-fetch\check-response.js:104:15
12 verbose stack     at processTicksAndRejections (internal/process/task_queues.js:97:5)
13 verbose statusCode 401
14 verbose cwd C:\Users\lynds\Desktop\QuickerDB
15 verbose Windows_NT 10.0.18363
16 verbose argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\lynds\\AppData\\Roaming\\npm\\node_modules\\npm\\bin\\npm-cli.js" "login" "--registry=https://npm.pkg.github.com"
17 verbose node v12.16.1
18 verbose npm  v6.14.5
19 error code E401
20 error 401 Unauthorized - PUT https://npm.pkg.github.com/-/user/org.couchdb.user:callumok2004 - Error authenticating user: Personal Access Token is invalid. Your token must have the `repo` and read:packages` scopes to login to the GitHub Package Registry.
21 verbose exit [ 1, true ]

package.json

{
  "name": "@maniabots/quickerdb",
  "version": "1.2.5",
  "description": "Wrapper for the well known NodeJS module - quick.db",
  "main": "./src/index.js",
  "repository": {
    "url": "https://github.com/ManiaBots/QuickerDB"
  },
  "publishConfig": { "registry": "https://npm.pkg.github.com/" },
  "dependencies": {
    "chalk": "^4.0.0",
    "quick.db": "^7.1.1"
  }
}

.npmrc

@ManiaBots:registry=https://npm.pkg.github.com/

C:/Users/user/.npmrc

//npm.pkg.github.com/:_authToken=xxxxxxxxxxxxxx
//registry.npmjs.org/:_authToken=xxxxxxxxxxxxxx

Hi @callumok2004,

Error authenticating user: Personal Access Token is invalid. Your token must
have the `repo` and `read:packages` scopes to login to the GitHub Package Registry.

This is the error is shows if you try to login using your GitHub username and password, rather than using a PAT at the password (username can be anything).

There is another way to authenticate, which I think it better. Create an .npmrc file at the root of your repository like this:

//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
@maniabots:registry=https://npm.pkg.github.com

You can then:

export GITHUB_TOKEN=<PAT with read:packages scope>
npm install

…or:

export GITHUB_TOKEN=<PAT with repo, write:packages and read:packages scope>
npm publish

This way you can use the same .npmrc file for local development and when publishing a package as part of a GitHub Actions workflow.

I hope that helps!

1 Like

Hello, @jcansdale!

I publish packages via yarn, so my npm interface is not configured.

Could you please clarify why $GITHUB_TOKEN should suddenly appear in my environment variables?

Or what do these strange squiggles mean after the equal sign? <PAT with read: packages scope> is definitely not a bash command. :grinning:

Now the npmjs main page is serving json:

{
    "error": "Service Unavailable"
}

I’ll wait)

In order to access GitHub Packages, users need to provide a Personal Access Token that has been created with the read:packages scope.

By creating a .npmrc file that accepts an env var ( in this case ${GITHUB_TOKEN}), you can give a hint to any user that clones the repository what is required. Before calling npm install you will need to make sure the GITHUB_TOKEN env var exists.

Alternatively you can add a similar entry to your user ~/.npmrc file like this:

$ npm login --repository https://npm.pkg.github.com --scope maniabots

I hope that makes sense!