Save Money with GitHub's Package Manager

Save Time and Money: How to Leverage GitHub's Package Manager for Efficient Dependency Management

Who wouldn’t want to save some money? Today, I’ll show you how to do just that, specifically when it comes to managing private npm packages.

Typically, npm charges a monthly fee for publishing private packages. While this might work for some companies, it can be a burden for smaller teams or personal projects. Thankfully, GitHub, the world’s most popular Git platform, offers a solution that’s both powerful and free.

Recently, I needed a way to publish a private npm package without incurring any costs. Using GitHub Actions and GitHub Package Manager, I successfully achieved this. Here’s a step-by-step guide to help you do the same.

1. Prerequisites

Before you begin, ensure you have:

  • A GitHub repository containing your npm package.

  • A minimal configuration of the package.json file.

  • A GitHub account with permissions to create repositories and manage packages.

  • Node.js and npm installed locally for development.

2. Configure the package.json File

Modify your package.json file to indicate that you’ll be using GitHub Package Manager. Update the name field to include your GitHub username as the scope:

{
  "name": "@your-username/your-package",
  "version": "1.0.0",
  "description": "A private package published on GitHub Package Manager",
  "repository": {
    "type": "git",
    "url": "https://github.com/your-username/your-repo.git"
  },
  "publishConfig": {
    "registry": "https://npm.pkg.github.com/@your-username"
  }
}

Be sure to replace your-username and your-repo with your actual GitHub username and repository name.

3. Generate an Access Token on GitHub

To publish your package, you’ll need a personal access token with the appropriate permissions.

  1. Go to GitHub Account Settings.

  2. Create a Personal Access Token (classic) with the following permissions:

    • write:packages

    • read:packages

    • repo (if the repository is private).

  3. Save the token in a secure location, such as a password manager.

4. Configure GitHub Actions

Create a workflow to automate the process of building and publishing your package. Add the following YAML file to .github/workflows/publish.yml in your repository:

name: Build and Deploy

on:
  push:
    branches:
      - release

jobs:
  publish-gpr:
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 20
          registry-url: https://npm.pkg.github.com/
          scope: '@your-username'
      - uses: pnpm/action-setup@v3
        with:
          version: 9.10.0
      - run: pnpm install
      - run: pnpm publish:build
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

This workflow will trigger whenever you push changes to the release branch and will automatically publish your package to GitHub Package Manager.

5. Test the Workflow

Commit and push the .github/workflows/publish.yml file to the release branch. If everything is set up correctly:

  1. GitHub Actions will trigger the workflow.

  2. The package will be published to GitHub Package Manager.

  3. You’ll find the package in the Packages tab of your repository.

6. Install the Published Package

To use the package in another project, add an .npmrc file to the project with the following content:

@your-username:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=YOUR_TOKEN
engine-strict=true

Run the npm command to install the package:

npm install @your-username/your-package

Don’t forget to replace YOUR_TOKEN with the token created in Step 3.
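
A token written into .npmrc as a literal is readable by anyone with access to the file or the repository history; npm expands ${VAR} references in .npmrc from the environment, so the token can stay out of the file. The check below is an added example, not part of the original post: it flags literal credentials and a missing registry mapping for the scope being installed (the function names, the GITHUB_PACKAGES_TOKEN variable name and the sample files are assumptions constructed for illustration).

```javascript
// Added example: audit .npmrc text before it is committed.
// npm replaces ${VAR} in .npmrc with the environment variable's value, so the
// token itself never has to be written into the file.
const ENV_REF = /^\$\{[^}]+\}$/;
const SECRET_KEY = /(^|:)(_authToken|_auth|_password)$/;

function parseNpmrc(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || line.startsWith(';') || eq < 1) return;
    entries.push({
      line: i + 1,
      key: line.slice(0, eq).trim(),
      value: line.slice(eq + 1).trim().replace(/^["']|["']$/g, ''),
    });
  });
  return entries;
}

// scope: the package scope this project installs, e.g. '@your-username'.
function auditNpmrc(text, scope) {
  const entries = parseNpmrc(text);
  const findings = entries
    .filter((e) => SECRET_KEY.test(e.key) && !ENV_REF.test(e.value))
    .map((e) => ({ line: e.line, issue: 'literal credential' }));
  const mapping = entries.find((e) => e.key === `${scope}:registry`);
  if (!mapping) {
    // Without a mapping npm resolves the scope from its default registry.
    findings.push({ line: null, issue: 'scope has no registry mapping' });
  } else if (!mapping.value.startsWith('https://')) {
    findings.push({ line: mapping.line, issue: 'registry is not https' });
  }
  return findings;
}

// Constructed samples; the token value and variable name are placeholders.
const HARDCODED = [
  '@other-scope:registry=https://npm.pkg.github.com/',
  '//npm.pkg.github.com/:_authToken=CONSTRUCTED_PLACEHOLDER_TOKEN',
].join('\n');
const FROM_ENV = [
  '@your-username:registry=https://npm.pkg.github.com/',
  '//npm.pkg.github.com/:_authToken=${GITHUB_PACKAGES_TOKEN}',
].join('\n');

console.log(auditNpmrc(HARDCODED, '@your-username'));
console.log(auditNpmrc(FROM_ENV, '@your-username'));
```

The first sample yields two findings (a literal credential on line 2 and an unmapped scope); the second yields none.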

Conclusion

Publishing private npm packages with GitHub Package Manager is a cost-effective and streamlined alternative to traditional npm services. By leveraging GitHub Actions, you can fully automate the process, saving both time and resources.

This approach not only eliminates the need for paid npm private packages but also integrates seamlessly into GitHub’s ecosystem, where your code, versioning, and packages are all managed in one place.

If you encounter any issues or have questions, feel free to leave a comment. Happy coding! 🚀
