4

I managed to publish a simple test package on the Github packageregistry using this tutorial : https://docs.github.com/en/packages/quickstart

Now, if I understand correctly, to use it in a project I have to create a .npmrc file with the following lines :

@OWNER:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=PAT

1- If somebody else wants to install my public package, do I need to provide them my own PAT ? Or can you install any Github public package with your own PAT ?

2- How can I hide my PAT from the .npmrc file ? I tried to setup a TOKEN variable in my .env file (located in the same directory as the .npmrc file) and calling it with ${TOKEN}, but it doesn't seem to work (authentication fails when running npm install, while inserting the same PAT directly in the file it works).

Thanks

Nite
  • 323
  • 1
  • 4
  • 12

2 Answers2

2

1: Any PAT with the read:packages scope can read public packages. You don't need to provide your own PAT to anyone. See docs for details.

2: npm doesn't read from local .env files. You need to export the PAT as an environment variable (export TOKEN="ABC123"). Then you can use it with ${TOKEN} when calling the registry.

tinaheidinger
  • 854
  • 1
  • 8
  • 21
0

Looks like you'll have to export your PAT from your local machine's shell since .npmrc does not read the .env file. Please see the following thread: https://stackoverflow.com/a/55578270/6026781

JobanM
  • 1
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – Tyler2P Jul 23 '22 at 10:09