Accessing private Github package registry

Our site build fetches dependencies from a private Github package registry.
How do I set up the build to use Github access token to authenticate to GH packages?

Hi @mrslump and sorry to be slow to get back to you! None of our Support team use that GH feature, but we found someone who did and they clued us in to their workflow.

This is the flow that we use for one of our private GH0hosted dependencies. This is the entire npmrc on that codebase:


We set $NPM_TOKEN in our site environment variables, on the build & deploy settings page, and then .npmrc lives next to package.json and things should Just Work.

Note that if you use that locally, you will need to have $NPM_TOKEN set locally too! Should work the same on Netlify and locally :slight_smile:


In dev sandboxes we configure the NPM token in ~/.npmrc and would like to have it working in local environments without having to tweak additional environment variables.
I was planning to create a script for setting this up when building on Netlify.

However, I’m currently having some problems with this.
It seems that right after Netlify clones my git repo it runs yarn install automatically and only then runs the build script I’ve configured.

Is it possible to get a custom command/script to run before or instead of yarn install?

Unfortunately no, you cannot do anything before we install dependencies automatically UNLESS your site has no dependency installation config (no package.json/yarn.lock), which seems like it isn’t an option for you.

We are working to extend build plugins ( to allow scripts to run before dependency installation, and I will report back in this thread once we ship that feature, since it will unblock you in some ways at least.

I don’t know a good way to avoid using npmrc, so not sure how to unblock you further on that requirement around your local env.

Thanks for the update!

Can you give any tentative estimates on what the schedule for making this feature available could be?

hi @mrslump, you might keep an eye here:

1 Like

Just to make sure your question got an answer: we don’t promise delivery dates for code not yet written yet. Following that issue will be your best indicator of work progressing :slight_smile:

1 Like