Creating packages is enjoyable, but managing them can be a challenge. GitHub Packages offers a solution that enables users to manage various packages, including npm packages, docker images, and NuGet packages, directly within their repositories.
Benefits of using GitHub Packages within a repository include:
- Centralized package management: Keep all packages in one place for easy maintenance.
- Association with the repository: Packages are closely linked to their respective repositories, simplifying organisation.
- Streamlined package building and release: The process for building and releasing packages is straightforward.
- Enhanced access control: Manage access to packages conveniently within the repository settings.
- Cost-effectiveness: GitHub Packages eliminates the need for additional package managers, offering robust support from free tiers to GitHub's services.
How do you publish and manage npm packages with GitHub?
To get started, you need to configure and publish your PAT token. Here’s how to do that step-by-step.
Step 1
Create two access tokens:
- A read-and-write access token (for storing all package versions).
- A read access token (to gain access to this package from another project).
Step 2
Log in to your GitHub organisation or your GitHub Profile Settings.
Step 3
Go to developer settings and select GitHub access token.
Step 4
In the “note” field, enter the description of your token, then select checkboxes:
☑️ write: packages
☑️ read: packages
☑️ delete: packages
Repeat steps from point 4 just for the read-only token.
Step 5
Add the values needed in the package.json:
It's a good idea to add the .npmrc file so they can easily add all access settings (although you can also do this manually); this is used for updating the package when sending a new version to the repository.
Keeping the .npmrc with write access locally for development, testing, or releasing using GitHub Actions and the publishing process is good practice. This is to avoid storing the write token in the repository instead of using GITHUB_TOKEN in the workflow. We can easily store .npmrc in another project's repository for the read token.
After configuring everything, you can easily publish your package using the command npm publish.
That's it for publishing; you should now see this package in your repository and package details.
How to manage the GitHub repository
Managing a GitHub repo involves handling its development stages, such as version control, teamwork, issue tracking, and project administration. Good oversight keeps things running smoothly and sets your project up for success. Let's explore critical tasks and helpful tips for managing your GitHub repo!
Managing a GitHub repo involves handling its development stages, such as version control, teamwork, issue tracking, and project administration. Good oversight keeps things running smoothly and sets your project up for success. Let's explore critical tasks and helpful tips for managing your GitHub repo!
An example of a package:
An example of package details:
How to upload your package to another project.
Install it from the command line:
Then install via package.json:
In your project, you can also store the .npmrc file with configuration and read token (this is the same file as on upper setup example...but with a read token). You can find more information about how to use npm with GitHub here.
How to remove packages from GitHub for private repositories
'You can only delete a specified version of a private package on GitHub or with the GraphQL API. To remove an entire private package from appearing on GitHub, you must delete every package version first' (GitHub).
How to remove packages from GitHub for public repositories.
'To avoid breaking projects that may depend on your packages, you cannot delete an entire public package or specific versions of a public package.
Under special circumstances, such as for legal reasons or to conform with GDPR standards, you can ask GitHub Support to delete a public package for you using our contact form' (GitHub).
How to delete GitHub packages via a browser.
Step 1
Go to your package repository, click “packages” and click your package name.
Step 2
Use the “edit package” drop-down on the right and select “manage versions.”
Step 3
To the right of the version you need to delete, click “delete”.
How to delete packages via GraphQL
Use the deletePackageVersion mutation in the GraphQL API. You must use a token with the read:packages, delete:packages, and repo scopes.
It's also worth remembering that you cannot delete an entire package, but if you delete every version of a package, the package will no longer show on GitHub.
It's easy to set up and use npm!
You can see how easy it is to set up and use npm in existing GitHub repositories and the benefits it brings.
Mastering NPM package management with GitHub opens up a world of possibilities for developers. By adhering to best practices and leveraging the powerful features of GitHub Packages, such as centralised management and streamlined workflows, developers can enhance collaboration, improve efficiency, and ensure project success!
Applying careful configuration and attention to detail from the start in our projects has undoubtedly helped us improve my workflow and efficiency daily; I hope you like using GitHub packages as much as I do.
- NPM packages
Innerworks and Cogworks are proud to partner with Community TechAid who aim to enable sustainable access to technology and skills needed to ensure digital inclusion for all. Any support you can give is hugely appreciated.