Every @teqbench package is published to GitHub Packages under the @teqbench npm scope. Installing them from a fresh machine or CI runner requires two things: telling npm where to find the scope, and giving it a token with read:packages permission so GitHub will serve the tarballs.
Create a personal access token
- Visit github.com/settings/tokens and click Generate new token (classic).
- Give it a descriptive name (e.g.
npm read:packages), set an expiration, and enable theread:packagesscope. No other scopes are required for installing the packages. - Click Generate token and copy the value — you won't be able to see it again after you leave the page.
Fine-grained personal access tokens do not yet work with the npm package read endpoint on
npm.pkg.github.com. Use a classic token for installs until GitHub lifts that restriction.
Export the token as NPM_TOKEN
npm reads the token from the NPM_TOKEN environment variable. For local development, add it to your shell profile (adjust for ~/.bashrc, ~/.zshrc, or your shell's equivalent):
export NPM_TOKEN=ghp_your_token_hereReload the shell (source ~/.zshrc) or open a new terminal so the variable is in scope.
Configure .npmrc
Create a project-level .npmrc alongside package.json with two lines — one to route the @teqbench scope to GitHub Packages, and one to reference the token from the environment rather than hard-coding it:
@teqbench:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${NPM_TOKEN}The ${NPM_TOKEN} expansion is evaluated by npm at install time, so the actual token never lives in your repository. Commit this file — everyone on the team (and CI) will set their own NPM_TOKEN but share the same registry config.
Install a package and verify
With the .npmrc in place and NPM_TOKEN exported, install any @teqbench package:
npm install @teqbench/tbx-modelsConfirm npm resolved it from GitHub Packages rather than the public registry:
npm view @teqbench/tbx-models dist.tarballThe tarball URL should start with https://npm.pkg.github.com/ — if it starts with https://registry.npmjs.org/, the scope isn't being routed correctly.
Common errors
401 Unauthorized on install. NPM_TOKEN is empty or the token has been revoked. Re-export it in the current shell and retry. Verify with echo $NPM_TOKEN before running npm install again.
403 Forbidden on install. The token exists but is missing read:packages. Generate a new classic PAT with the scope enabled and swap it in.
404 Not Found for a specific version. The version doesn't exist on the GitHub Packages registry, or npm is resolving from the public registry. Check the .npmrc is in the same directory as package.json and the file is not overridden by a ~/.npmrc with conflicting scope config.
Install works locally but fails in CI. The CI job needs its own NPM_TOKEN secret and must expose it to the install step as an environment variable:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- run: npm ci
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}Store the token in the repo or organization Settings → Secrets and variables → Actions. Do not commit it, and do not log $NPM_TOKEN in workflow output — GitHub's secret-masking only catches values registered as secrets.
What to install next
Once npm install @teqbench/tbx-models succeeds, you have a working registry setup for the rest of the scope. See Configure the severity theme for the next step in a typical Angular Material–backed project.