We publish private packages to the github registry. The standard way to access the registry on your machine is to use a
.npmrc file. However, once you try to deploy to vercel (or other providers), this will not work since the switch to Yarn v3 no longer uses
.npmrc. In my case, the Vercel documentation, nor the discussion solutions provided correct solutions.
The problem is that the deployment provider (eg. Vercel) must authenticate with the Github package registry properly, before it can install your private packages.
Create a new Classic Personal Access Token with scope
read:packages in your Github settings.
Then update your
npmScopes: your-organization: npmRegistryServer: https://npm.pkg.github.com npmAlwaysAuth: true npmAuthToken: '<YOUR_PAT>'
WARNING: Ensure scope is limited to read-only access. Also, never use this for public repos, since your PAT is checked into git. Until Yarn v3 enables environment variables, there unfortunately isn’t a more secure solution that works for local & deployment environments.