Cannot consume private NPM package hosted on GPR

Hi there,

I have a private repo that, using Github Actions workflow, I have published as a private npm package on Github Package Registry. I want to consume this package in the scope of another private project of mine. But there is an issue. Upon importing the GPR hosted package as a dependency I get a ‘module not found’ error.

  1. Github Actions workflow successfully publishes private npm package to GPR.
  2. The published package appears under ‘Package’ tab at Github user landing.
  3. GPR_ACCESS_TOKEN is a PAT (ensuring that I can consume the package).

BELOW: the error in question

BELOW: .npmrc file at root of project consuming private package

@slackermorris:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=XXXX-XXXX-XXXX-XXXX

BELOW: Github Action responsible for republishing private npm package to Github Registry.

name: Node.js Package

on:

  push:

    branches:

      - master

  release:

    types: [created]

jobs:

  build:

    runs-on: ubuntu-latest

    steps:

      - uses: actions/checkout@v2

      - uses: actions/setup-node@v1

        with:

          node-version: 12

      - run: npm ci

      - run: npm test

        env:

          CI: true

  publish-gpr:

    needs: build

    runs-on: ubuntu-latest

    steps:

      - uses: actions/checkout@v2

      - uses: actions/setup-node@v1

        with:

          node-version: 12

          registry-url: https://npm.pkg.github.com

          scope: slackermorris

      - run: npm ci

      - run: npm publish

        env:

          NODE_AUTH_TOKEN: ${{secrets.GPR_ACCESS_TOKEN}}

BELOW: package.json of the published npm package.

"name": "@slackermorris/bostock-metaball-animation",

  "version": "1.0.3",

  "main": "index.js",

  "author": "slackermorris",

  "license": "MIT",

  "publishConfig": {

    "registry": "https://npm.pkg.github.com"

  } ...

Hi @slackermorris,

Did you have any luck getting this working?

I think you might need to pass NODE_AUTH_TOKEN to the npm ci step in your workflow.

For example:

- run: npm ci
  env:
    NODE_AUTH_TOKEN: ${{secrets.GPR_ACCESS_TOKEN}}

Does that make sense?

Hi there,

So sorry that I did not reply. Thank you very much for your time. I discovered a number of issues on my behalf:

  • I resorted to using GITHUB_TOKEN as my means for authenticating Github Package Registry. I did not release this was automatically generated upon executing the Github Action Workflow. Though, I am unsure why using my own created PAT did not work… :S.
  • I had configured the job to publish to GPR incorrectly: I was pointing to the NPM registry and not the GPR (NPM proxied) registry:
[WRONG] registry-url: 'https://registry.npmjs.org'
[RIGHT]    registry-url: 'https://npm.pkg.github.com'

I have included my main.yml workflow, which I used to publish to GPR, if anyone is interested:

name: Publish Node.js Package

on:
  push:
    branches:
      - master
  release:
    types: [created]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 12
      - run: npm ci
      - run: npm test
      - run: npm run build
      - name: zip node_modules as build artifact
        run: zip -9qry "build.zip" "./" -i "node_modules/*"
      - name: upload build.zip
        uses: actions/upload-artifact@v2
        with:
          name: build.zip
          path: build.zip
        env:
          CI: true
          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
  publish-gpr:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '@slackermorris'
      - name: authenticate with Github Package Registry
        run:
          echo "//npm.pkg.github.com:_authToken=${{ secrets.GITHUB_TOKEN }}" >
          ~/.npmrc
      - name: download build.zip
        uses: actions/download-artifact@v2
        with:
          name: build.zip
      - name: unzip build.zip
        run: unzip -q build.zip
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

I also found these links really helpful:

Helpful when publishing package:

  1. NPM Publish to GPR and NPM | Mitchell Simoens Blog
  2. Automatically Publish to npm using GitHub Actions - Sergio Xalambrí
  3. https://github.com/actions/setup-node/issues/130#issuecomment-691103257

Helpful when consuming said package:

  1. Github actions, 401 unauthorized when installing a Github Package with npm or yarn - Stack Overflow
  2. Install GitHub Package: Request Failed \”401 Unauthorized\” | by Peter Prins | Medium