Skip to content

Commit 07511dc

Browse files
feat(posts): add "Install private npm GitHub Package in CI"
Post: 2026-04-24-install-private-npm-github-package-in-ci.md
1 parent 7d32a62 commit 07511dc

1 file changed

Lines changed: 100 additions & 0 deletions

File tree

Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
---
2+
layout: post
3+
title: Install private npm GitHub Package in CI
4+
date: 2026-04-24 20:21:05
5+
excerpt: How to install a private npm GitHub Package in GitHub Actions CI.
6+
categories: github package npm
7+
---
8+
9+
This post goes over how to install a private npm GitHub Package in GitHub Actions CI.
10+
11+
## Problem
12+
13+
You get an error when installing a private npm GitHub Package in GitHub Actions CI:
14+
15+
```
16+
Forbidden - 403
17+
```
18+
19+
## Package settings
20+
21+
Go to your package settings (repository > **Packages** > **Package settings**).
22+
23+
If the package is owned by your organization:
24+
25+
```
26+
https://github.com/orgs/<my-user>/packages/npm/<my-package>/settings
27+
```
28+
29+
Or by your personal user account:
30+
31+
```
32+
https://github.com/users/<my-user>/packages/npm/<my-package>/settings
33+
```
34+
35+
**Manage Actions access** > **Add Repository**:
36+
37+
- Pick the repositories that can access this package using GitHub Actions.
38+
39+
## .npmrc
40+
41+
Add the following to your `.npmrc`:
42+
43+
```
44+
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
45+
@my-org:registry=https://npm.pkg.github.com
46+
```
47+
48+
## GitHub Actions
49+
50+
Set the permission in your `.github/workflows/my-workflow.yml`:
51+
52+
```yml
53+
permissions:
54+
packages: read
55+
```
56+
57+
{% raw %}
58+
59+
Now you can install the package with `${{ github.token }}` or `${{ secrets.GITHUB_TOKEN }}`:
60+
61+
```yml
62+
- name: Install dependencies
63+
shell: bash
64+
run: npm install
65+
env:
66+
GITHUB_TOKEN: ${{ github.token }}
67+
```
68+
69+
Or configure the auth token before install:
70+
71+
```yml
72+
- name: Configure auth token
73+
shell: bash
74+
run: |
75+
sed -i '/\/\/npm\.pkg\.github\.com\/:_authToken/d' .npmrc
76+
npm config set '//npm.pkg.github.com/:_authToken' '${{ github.token }}'
77+
```
78+
79+
{% endraw %}
80+
81+
## Classic PAT
82+
83+
Alternatively, you can create a [personal access token (classic)](https://github.com/settings/tokens/new) with the scopes:
84+
85+
- [x] `repo` (Full control of private repositories)
86+
- [x] `read:packages` (Download packages from GitHub Package Registry)
87+
88+
Check if your token works:
89+
90+
```sh
91+
GITHUB_TOKEN=ghp_*** pnpm view @my-org/my-package version
92+
```
93+
94+
If you get the error:
95+
96+
```
97+
403 Forbidden - GET https://npm.pkg.github.com/@my-org%2fmy-package - Permission permission_denied: `my-org` forbids access via a personal access token (classic). Please use a GitHub App, OAuth App, or a personal access token with fine-grained permissions.
98+
```
99+
100+
Then create a [fine-grained PAT](https://github.com/settings/personal-access-tokens/new) or app.

0 commit comments

Comments
 (0)