GitHub Package Registry with Private Packages & Proxying Scope to NPM

I have some scoped public packages on npm registry as using scopes seems to be a good practice in general. Of course I have the same username on npm registry and GitHub and both registries require that the scope I can publish to is my username - which all makes sense.

I have published a private package to GPR call it @activescott/my-private-package. I can install that package successfully using the .npmrc as follows

registry=https://npm.pkg.github.com/activescott
//npm.pkg.github.com/:_authToken=MY_PERSONAL_ACCESS_TOKEN
always-auth=true

and the following install command:

$ npm install @activescott/apple-availability@1.1.3

The issue comes when I try to install a public package with this command:

npm add @activescott/eslint-config

I get the following error:

npm ERR! code E404
npm ERR! 404 Not Found - GET https://npm.pkg.github.com/activescott/@activescott%2feslint-config - npm package "eslint-config" does not exist under owner "activescott"
...

How can I pull some packages from the same scope that are private on GPR and public on npm registry?

9 Likes

@activescott did you figured out the solution for this situation. Me too running into the same problem.

Unfortunately I did not. I ended up stopping the use of GPR due to this issue :frowning:

I’m having the same exact issue and am contemplating not using GPR as well because of this.

@activescott,

I’m wondering how you would expect this to work? 

registry=https://npm.pkg.github.com/activescott
//npm.pkg.github.com/:_authToken=MY_PERSONAL_ACCESS_TOKEN
always-auth=true

At the moment this will source everything in the @activescott scope from GitHub and proxy everything else from the public npm registry (similar to if you explicitly defined @activescott=[https://npm.pkg.github.com](https://npm.pkg.github.com)). Do you think it should fall back to using npm registry for public packages? I can see how that would make sense.

Yes, the outcome I want is to have it first get private packages from GPR, then fall back to using npm registry for public packages when they’re not on GPR. I’m open to configuring it differently, I just couldn’t find a way.

3 Likes

We have the same issue, we have a public company profile on npmjs.com and would like to use github for the private packages. Github enforces @company that we are already using for our public packages on npmjs.com and npm does not support using multiple repos. So we can’t really use github for this at the moment.

Falling back to the npm registry for public scoped packages would be great! As others in this thread pointed out, this is a main issue in GPR adoption.