Installing Your Private GitHub NPM Packages


By default, our out-of-the-box Workspace Starter kit comes standard with private npm packages hosted on the GitHub npm repository. This article is intended to provide a high-level guide for using your private packages in local development or CI/CD scenarios.

Note: this article assumes you have working knowledge of Personal Access Tokens (PATs). If you need a refresher, please review this help article.

Breaking down the process

There are two main requirements for using private packages:

  1. A personal access token (PAT)
  2. An .npmrc file (adjacent to the package.json file) referencing the PAT:


Tokens for local development

Tokens for local development can be set in an .env file (for project-level tokens) OR at a higher context (such as a bash_profile or .zshrc) for more global use. Example token definition in .zshrc:

export GITHUB_TOKEN="your-token-here"

Note: after adding the above snippet you'll either need to completely close your terminal and open a new window OR source your profile using the source command: source ~/.zshrc

Tokens in CI/CD

Tokens in a CI/CD context need to be set within the repository secrets/variables area. Where the secrets/variables are set differs in location based on repo provider:

  • GitHub uses secrets
  • GitLab uses variables
  • BitBucket uses variables

Enterprise considerations for using packages in CI/CD

Most enterprise customers have a specific user which is added to repositories for the expressed purpose of generating the token used in their CI/CD process. This allows the specified user to have full capabilities to revoke or alter the token at any time.

Please let us know which user to add and we'll handle it for you! Send an email to