DEV Community


Publishing npm packages to multiple registries with Github actions

Željko Šević
Node.js developer with a Computer Science background focused on back-end web development
Originally published at on ・2 min read

This blog post covers what you need to know in order to automate publishing an npm package to Npm and Github package registries. It can also be useful if you want to publish a package only into one of the mentioned registries.

Github actions

Github action is a CI/CD tool integrated within Github repositories that can run different kinds of jobs (building, testing, deployment) when code is pushed to specific branches. The configuration file should be stored in .github/workflows inside the package repository.

Package registries

There are two main npm package registries, Npm and Github package registries (GPR), which are available at and respectively. The scope lets you group the packages (e.g. @OWNER/PACKAGE), it is required for every published package at GPR, while it is optional to use it at the Npm package registry. In this article, both of the registries will use the scope.

Prerequisites for publishing

In order to publish packages with Github actions, using an access token is required. For Npm new access token can be generated on the Access Tokens page, Automation access token is the most suitable for CI/CD pipeline. For Github, generated personal access token should have repo and write:packages scopes. To avoid exposing the credentials in the codebase, the Github action configuration file should use repository secrets. The package version should be incremented in regards to previously published version.


publish job contains commands for setting up the default registry, auth tokens, and running the publish script.

# .github/workflows/config.yml
# ...
  # ...
    needs: lint-test-audit
    runs-on: ubuntu-latest

      # ...
      - name: Set package registry
        run: npm config set registry
      - name: Github package registry authentication
        run: npm set // ${{ secrets.GPR_TOKEN }}
      - name: Npm registry authentication
        run: npm set // ${{ secrets.NPM_TOKEN }}
      - name: Publish the package to Github and Npm package registries
        run: npm publish
Enter fullscreen mode Exit fullscreen mode

postpublish npm script will trigger publishing to Npm package registry.

    "scripts": {
        "postpublish": "npm run publish-npm",
        "publish-npm": "npm publish --access public --ignore-scripts --@OWNER:registry=''"
Enter fullscreen mode Exit fullscreen mode

Package installation

After successfully publishing the public package, taking into account that the latest published versions of the package in both of the registries are the same, the package can be installed locally without any additional setup, it will use the Npm package registry as default one. If the user wants to install the package from GPR, the scoped registry has to be configured and the user has to be logged in into the registry.

npm config set @OWNER:registry
npm login --scope=@OWNER --registry=
Enter fullscreen mode Exit fullscreen mode


A working example is available at

Discussion (0)