Package not found in the Github Registry

I have a nodejs workflow and of course I am trying to install dependencies. One of those dependencies is in another repository’s package repo. I have the workflow authenticating just fine, but the problem is that it doesn’t find the package. 

Am I mising something?  The package is under joekaiser/test and the workflow is running at joekaiser/ci-test

To be clear, I know the pacakge exists. The same project builds in AWS CodePipeline.

npm ERR! 404 Not Found - GET - npm package "test" does not exist under owner "joekaiser"

name: BuildDeploy

      - release


    runs-on: ubuntu-latest

    - uses: actions/checkout@v1
    - name: Setup Node.js
      uses: actions/setup-node@v1
        node-version: 12
        scope: '@joekaiser'
    - name: npm install and build
        NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
        CI: true
      run: |
        npm install
        npm run build

At the moment you’ll need a personal access token for that.


Ahh, that’s what I figured. The GITHUB_TOKEN we generate is scoped to the repository that is running the Workflow. Unfortunately, this doesn’t allow us to install or publish packages from/to other repositories. I’ll bring this up in planning and we can figure out how to proceed here.

Related issue


This issue is still happening regardless whether one uses the GITHUB_TOKEN or the PERSONAL_ACCESS_TOKEN when the repository is Private.

Steps to reproduce.

  1. Create a Private repository “packages”.

  2. Add a folder for a basic package e.g. framework

  3. Publish the package to GPR either using actions or from the terminal. (configure .npmrc) e.g.


  "name": "@YOUR_ORG/framework",
  "version": "1.0.0",
  "description": "framework package",
  "repository": {
    "type": "git",
    "url": "git://"
  "publishConfig": {
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  "dependencies": {
    "lodash": "^4.17.10"




  1. Publish to GPR from with the framework folder.

    npm publish

  2. The publish will be successful but the package cannot be installed even when the token is used. e.g. a consumer with




  "name": "consumer",
  "version": "1.0.0",
  "description": "consumer",
  "main": "index.js",
  "license": "MIT",
  "scripts": {
    "start": "node index.js"
  "dependencies": {
    "@YOUR_ORG/framework": "^1.0.0"


  1. You will see Errors like below: (YOUR_ORG is your organisation)

    npm ERR! code E404
    npm ERR! 404 Not Found - GET
    npm ERR! 404
    npm ERR! 404 ‘@YOUR_ORG/framework@latest’ is not in the npm registry.
    npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
    npm ERR! 404
    npm ERR! 404 Note that you can also install from a
    npm ERR! 404 tarball, folder, http url, or git url.

You will also notice that the link to the Assets download on the packages page is “NOT FOUND when you hover over it”

NOTE: this behaviour might not happen straight away in some cases, the NOT FOUND issue might start happening 30 to 45 minutes after the package has be published.


Your .npmrc is incorrect. It should look like this:

//${{ secrets.GITHUB_PERSONAL_TOKEN }}

Also you should do this only on the CI, because when someone checkouts the repo, it won’t work obviously. I have a step in the CI for this:

- name: Set up NPM authentication
  run: echo "//${{ secrets.GITHUB_PERSONAL_TOKEN }}" >> ~/.npmrc
1 Like

Did you manage to get this working? I am getting the eact same error?


@krystof-k  The instructions I wrote above are mearnt to be sudo code and just a minimum guide on what someone needs to do to reproduce the issue, there are not mearnt to be a copy paste 100% accurate source code. You will have to properly write the variables and so on, but this not the issue here.

To fully understand the problem, create a sample package that is private roughly as I outlined in the steps with your correct variable configs and you will end up with the issue I reported. It does not matter whether you do it through github actions or from your local. The problem still exists and needs to be addressed otherwise GPR is not useful if people cannot reliably host and consume PRIVATE packages.


Facing the same issue with a private repository, can’t install the package and the assets link to I changed the visibility to public and I was able to install the package. 


@wpitalloI am still having the problem, I contacted github support about it and took a week before some guy got back to me and told me that he escalated the issue and have not heard anything since then so I am just waiting for someone from there to respond either on this thread or in the support ticket.

I just don’t get how something as critical as this issue slipped through their testing and quality assurance. At the very minimum, I would expect that if someone is providing a Package Registry, they ensure that it reliably satisfies both public and private use cases.

1 Like

Hmm, this is weird. In our repos it works fine (using the PAT). But we’re using Yarn, may that be the reason?

Since this issue evolved from the original question (and solution), see the new dedicated issue to here:


Hi, I had the same problem trying to deploy a private npm package on Github.

I solved it by changing the name in package.json

“name”: “@MyOrganizationName/MyRepoName”,
“publishConfig”: {
“registry”: “

Also in my npmrc:
//**********(Token generated from github)

Hope that helps :slight_smile:


This works for me. Thanks.

For everyone getting a 404 response even though everything seems correct: CHECK YOUR REPOSITORY FIELD.

I just spent 2 hours changing every line of my GitHub action and package.json and in the end, there was an outdated value in the repository field in the package.json. In my opinion the 404 error is really really not a helpful error message here.

Its the third quarter of 2121 and this issue still persists. SMH!! Any one of you remember how this was solved? I am having the EXACT same issue

As @ankri said, Make sure you generate a Personal Access Token with the appropriate scopes.

1 Like

I checked every box while generating my PAT just to be sure. But still :slightly_frowning_face:

This (@joekaiser’s solution) was the solution that worked for me. Checking the workflow box allowed install to proceed. What’s strange is that the permission doesn’t describe the situation it needs to be checked for. Github really needs to expand that.