Why do public packages need authentication? #25979
-
I’ve recently published a public package in github npm registry - https://github.com/flamy-dev/cornerstoneWebImageLoader/packages/297934. I added this to a repo, and the CI was unable to build because it needed authentication for accessing the repo.
Added this to yarn error message:
|
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
Hi @meetmangukiya, Unfortunately, you need to use a PAT with the If you want developers to be able to clone and build your project without generating their own PAT, you can create a
If you have Docker installed, you can generate the
I hope that helps! |
Beta Was this translation helpful? Give feedback.
-
So, basically publish my own token? However, this still doesn’t allow people to add this package as dependency and be able to build their project without a token, right? |
Beta Was this translation helpful? Give feedback.
-
Right. Packages are only accessible to GitHub accounts via a PAT, they’re not completely public. They’re really geared towards private dependencies not public dependencies (like npmjs.com or NuGet.com is). You might want to use them for dependencies between repositories, when a package isn’t ready to be published to a public repository yet. Does that make sense? |
Beta Was this translation helpful? Give feedback.
@meetmangukiya,
Right. Packages are only accessible to GitHub accounts via a PAT, they’re not completely public. They’re really geared towards private dependencies not public dependencies (like npmjs.com or NuGet.com is).
You might want to use them for dependencies between repositories, when a package isn’t ready to be published to a public repository yet.
Does that make sense?