
Personal Access Tokens for installing GitHub npm packages


I managed to publish a simple test package on the GitHub package registry using this tutorial: https://docs.github.com/en/packages/quickstart

Now, if I understand correctly, to use it in a project I have to create a .npmrc file with the following lines:

@OWNER:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=PAT

1- If somebody else wants to install my public package, do I need to provide them my own PAT? Or can you install any GitHub public package with your own PAT?

2- How can I hide my PAT from the .npmrc file? I tried to set up a TOKEN variable in my .env file (located in the same directory as the .npmrc file) and calling it with ${TOKEN}, but it doesn't seem to work (authentication fails when running npm install, while inserting the same PAT directly in the file it works).

Thanks


Solution

1: Any PAT with the read:packages scope can read public packages. You don't need to provide your own PAT to anyone. See docs for details.

2: npm doesn't read from local .env files. You need to export the PAT as an environment variable (export TOKEN="ABC123"). Then you can use it with ${TOKEN} when calling the registry.
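
The workflow from point 2 as a shell sketch, added here as an example and not part of the original answer: the .npmrc keeps only the ${TOKEN} placeholder, the value is exported from the .env file before npm runs, and a check flags any .npmrc that still holds a literal token. The function names are hypothetical, and OWNER and ABC123 are the placeholders used in the question and answer.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Write a project .npmrc that references the variable, never the secret.
# The backslash keeps ${TOKEN} literal in the file; npm expands it at run time.
write_npmrc() {  # $1 = owner scope (without @), $2 = target directory
  cat > "$2/.npmrc" <<EOF
@$1:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=\${TOKEN}
EOF
}

# npm does not read .env, so pull TOKEN out of it and export it ourselves.
# Only the TOKEN line is parsed; the file is not sourced as shell code.
export_token_from_env() {  # $1 = path to .env
  _val=$(sed -nE 's/^(export[[:space:]]+)?TOKEN=//p' "$1" | tail -n 1)
  _val=${_val#\"}; _val=${_val%\"}   # strip optional surrounding double quotes
  [ -n "$_val" ] || return 1         # fail loudly if TOKEN is missing or empty
  TOKEN=$_val
  export TOKEN
}

# Return 0 if the .npmrc contains an _authToken that is NOT a ${VAR} reference,
# i.e. a secret that would be committed along with the file.
npmrc_has_literal_token() {  # $1 = path to .npmrc
  grep -E '_authToken=' "$1" |
    grep -qvE '_authToken=\$\{[A-Za-z_][A-Za-z0-9_]*\}[[:space:]]*$'
}

# Typical use from the project directory:
#   write_npmrc OWNER .
#   export_token_from_env .env && npm install
#   npmrc_has_literal_token .npmrc && echo "hardcoded token in .npmrc" >&2
```

Keep the .env file out of version control (for example via .gitignore); the .npmrc with the placeholder can then be committed.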