GitHub Package Registry and Npm Registry for same scoped does not work @ 2020-01-10

README.md

📝 I submit the same text to GitHub Support.

---

I want to use same scope for npm package and GitHub Package Registry.

For example, @org scope exist in npm and GitHub.

• @org/foo-public package is public on npm registry
• @org/bar-private package is private on GitHub Package Registry

This situation is often the case. @org/foo-public is OSS library and @org/bar-private is internal library.

But, I can not use both at same time.

When I used following npmrc config, I could not refer to @org/foo-public. Because https://npm.pkg.github.com/foo does not proxy to npm I can only refer to @org/bar-private

//npm.pkg.github.com/:_authToken=YYY
registry="https://npm.pkg.github.com/org"

Reproduce Example

.npmrc

//registry.npmjs.org/:_authToken=XXX # login my npm account
//npm.pkg.github.com/:_authToken=YYY # login my github account

registry=https://npm.pkg.github.com/azu

Refs: https://help.github.com/en/github/managing-packages-with-github-packages/configuring-npm-for-use-with-github-packages#installing-packages-from-other-organizations

Example Pacakge

• npm: https://www.npmjs.com/package/@azu/testtest
  • is my public package on npm reigstry
• GitHub: https://github.com/azu/npm-github-package-example
  • is my package on GitHub Package reigstry

Actual

I can not fetch @azu/testtest package from npm reigstry. Because, GitHub Package Registry does not proxy to npm registry about scoped package.

$  npm info @azu/testtest
npm ERR! code E404
npm ERR! 404 '@azu/testtest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! 404
npm ERR! 404  '@azu/testtest@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/azu/.npm/_logs/2020-01-10T13_54_07_224Z-debug.log

@azu scope work only for GitHub Package Registry

$ npm info @azu/npm-github-package-example

@azu/[email protected] | MIT | deps: none | versions: 9
npm registry to GitHub Package Registry example.
https://github.com/azu/npm-github-package-example

dist
.tarball: https://npm.pkg.github.com/download/@azu/npm-github-package-example/2.3.0/3bdb8322c3344012bcf5ab5819f433fc1e2029ca5a9cf42e8580a2dd0086d9e1
.shasum:

dist-tags:
latest: 2.3.0

published over a year ago by undefined <undefined>

Expected

Both is work.

$ npm info @azu/testtest

@azu/[email protected] | MIT | deps: none | versions: 2

dist
.tarball: https://registry.npmjs.org/@azu/testtest/-/testtest-1.0.0.tgz
.shasum: a8ed44b4e3ea61011fc257a238aa36306ef316f3
.integrity: sha512-UPyAXnx64pWO14oUGwJlTm1f1VAIMOWMKl5YlXCXETxfJSBxjHi0WR2sKk2JVls1CacLttmv0FwXXwFufNJvIg==
.unpackedSize: 230 B

maintainers:
- azu <[email protected]>

dist-tags:
a1: 1.0.1      a: 1.0.0       latest: 1.0.0

published 6 months ago by azu <[email protected]>

$ npm info @azu/npm-github-package-example

@azu/[email protected] | MIT | deps: none | versions: 9
npm registry to GitHub Package Registry example.
https://github.com/azu/npm-github-package-example

dist
.tarball: https://npm.pkg.github.com/download/@azu/npm-github-package-example/2.3.0/3bdb8322c3344012bcf5ab5819f433fc1e2029ca5a9cf42e8580a2dd0086d9e1
.shasum:

dist-tags:
latest: 2.3.0

published over a year ago by undefined <undefined>

Question

Is this bug of GitHub Package Registry?

I think that registry="https://npm.pkg.github.com/org should proxy to npm's @org/* package. This feature is called Uplinks in verdaccio.

• https://verdaccio.org/docs/en/uplinks
• https://stackoverflow.com/questions/54543979/npmrc-multiple-registries-for-the-same-scope

It seem that yarnpkg registry support similar proxy feature.

GitHub Package Registry does not work.

$ npm info @azu/testtest --registry "https://npm.pkg.github.com/azu"
npm ERR! code E404

yarnpkg registry does work.

$ npm info @azu/testtest --registry "https://registry.yarnpkg.com"

@azu/[email protected] | MIT | deps: none | versions: 2

dist
.tarball: https://registry.npmjs.org/@azu/testtest/-/testtest-1.0.0.tgz
.shasum: a8ed44b4e3ea61011fc257a238aa36306ef316f3
.integrity: sha512-UPyAXnx64pWO14oUGwJlTm1f1VAIMOWMKl5YlXCXETxfJSBxjHi0WR2sKk2JVls1CacLttmv0FwXXwFufNJvIg==
.unpackedSize: 230 B

maintainers:
- azu <[email protected]>

dist-tags:
a1: 1.0.1      a: 1.0.0       latest: 1.0.0

published 6 months ago by azu <[email protected]>

Summary

I've tested variable patterns for combination registries.

Pattern A

registry="https://npm.pkg.github.com/ORG"

Pattern B

registry="https://registry.npmjs.org"
@ORG:registry="https://npm.pkg.github.com/ORG"

Pattern C

registry="https://registry.npmjs.org"
@ORG:registry="https://npm.pkg.github.com"

Related

• Solved: Github Package Registry scope conflict with proxy - GitHub Community Forum

Pattern D

registry=https://npm.pkg.github.com/ORG
@ORG:registry=https://registry.npmjs.org

Results

Pattern	non-scoped package	Npm @ORG/*	GitHub @ORG/*
A	ok	ng	ok
B	ok	ng	ok
C	ok	ng	ok
D	ok	ok	ng

If anyone's struggling with this in 2025, I created a proxy that handles both npm and GitHub Packages https://npm.pkg.heyapi.dev/

Configuring it is straightforward in your .npmrc

//npm.pkg.heyapi.dev/:_authToken=${TOKEN}
@hey-api:registry=https://npm.pkg.heyapi.dev

Assuming you're publishing private packages to GitHub Packages, TOKEN would be the GitHub personal access token. Contact me if you need some changes to it!