Download from Github Package Registry without authentication

So I guess this is only usefull for private artifacts. Very unfortunate indeed  for opensource.

I am very disapointed with it. It took me hours to actually push packages there using all the fragmented documentation that was provided to find out that people won’t be able to use it… Totally wasted my time, I’ll have to move to an other working packaging system, requiring authentication to download from public repositories is pointless.


Requiring github auth for public repo artifacts makes this pretty useless for Open Source projects.

That’s really disappointing to see from GitHub. I hope this gets fixed soon. 

For now, Open Source projects will have to look elsewhere.


Same here. Was almost OK with the extra hassle / need to add repository configs for all different libraries with different repositorioes on github, only to discover that it is actually unusable without authentication. Having a per-user/org repository with the ability to push to it with actions and able to read packages without authentication is something that would be needed for open source.

1 Like

As GH Package regsitry has been officially released, is there any plan on allowing public packages to be downloaded without authentication?

I think it would be useless for open source projects asking users to authenticate to get packages. This is a manditory requirement which is already there in systems like maven central


Thanks for everything

Any news on this matter, considering the fact NPM was just bought by Microsoft (Github)?

Auth for public packages is an absolute no-go and must be resolved asap. 



I also had this authentication problem, I can’t download a package without authentication, I hope it will be resolved!

The need to authenticate is one thing, which maybe can be understood. However if I create a personal access token with read:packages scope, that’s the error that I get:

Error authenticating user: Personal Access Token is invalid. Your token must have the `repo` and read:packages` scopes to login to the GitHub Package Registry.

That’s what I would like to avoid, storing my access token that gives full write access to all repos, releases, etc… in my account, in a plaintext file on my laptop.

Hello @andreagriffiths11 

@andreagriffiths11 wrote:

Hi @markenson


Thank you for being here! Currently you need to authenticate to download both public and private packages I’m afraid. We are investigating how, going forwards, beyond the beta we maybe able to offer this functionality, however this could be a way off yet - I’ve added a +1 against this for you, and we’ll let you know as soon as we have an update that we can share surrounding this. Keep an eye on for all updates meanwhile.

Today I used the registration of packages for Maven for the first time.

The publication process was very simple and the available documentation was sufficient.

My difficulty started when using the registered package.

As my project is open source, being public, I believed it would only be related to dependence and use.

But unfortunately I came across the issue that we must authenticate with user and token to perform the restoration of dependencies. I agree with most of the staff, this requirement does not seem to make sense for public projects.

I would love to keep most of my stack on github, but I am being forced to look for another package record.

I hope, very hopefully, this implementation will make it possible to use it without authentication for public packages.

Thank you for your attention.

1 Like

This is pretty important to me. I’m publishing a library via Maven/Gradle, and I really like the functionality that Github packages provides for me (as a publisher). However, I’m not willing to use Github packages as my primary distribution method if all of my users are required to not only add a new maven repository to their project (i.e. the specific repository for my project) but to generate an access token and add that to their project. 

Is there any plan to support this, or should I look at alternative hosting for my packages? 


@andreagriffiths11any updates about this feature?


Dear Github, well, this is at least silly. Please let everyone use the GPR without authentication as well, it just doesn’t make sense!


Register application

Is there still no solution for this problem?

1 Like

Is there any updates on this issue? When it is expected to be fixed?

Authentication make me hard to use these package in CI environment…

1 Like

any updates? i think this more important than the icons update


I will also switch to a different solution, because of this limitation