When using the NPM package, there are certain conditions where we need to install the NPM package that is private and only specific to our use case. This package is tagged as private which is not installed by the public user except our own entity.
We can create a package and test it as private. We can follow the following step.
The first step is to Publish the Package to Github
Create a file release-package.yml inside .github/workflows folder.
.github/workflows/release-package.ymlA sample file as
name: Node.js Package relase
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 16
- run: npm ci
publish-gpr:
needs: build
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 16
registry-url: https://npm.pkg.github.com/
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}${{secrets.GITHUB_TOKEN}} – This should be generated from the GitHub token generator. https://github.com/settings/tokens
We can add an npm test if needed as – run: npm test
Just commit the changes to the package and push it to our private repo.
The work on the package is done. The publishing package is now private.
Now we need to add the private package to our project. Create .npmrc file
Inside npmrc file, the content will be like this
# In case of scripbox packages, scope is going to be scripbox
@<scope>:registry = https://npm.pkg.github.com
_authToken = <AUTH_TOKEN>
always-auth = true<scope> should be the repo owner label
<AUTH_TOKEN> should be generated from https://github.com/settings/tokens with proper permission.
Now just need to add the private package which will be an authorized repo, as
yarn add @xyz/xyz-abc@1.0.0The version number will be fetched from the publish package as a tag.
Now we are using the private package, in our project which won’t be accessed by the public.