What is Privato?

Privato is a lightweight custom npm registry that allows you to use your private packages hosted on GitHub.

The difference between using Privato and using git/ssh protocols to download GitHub hosted packages directly is that Privato allows you to do proper npm updates of your packages.

There is no need to publish versions through npm as Privato uses GitHub tags/releases for versioning, and its tarballs for downloads.

Creating a GitHub personal access token

Your GitHub personal access token will be used to authenticate you with the registry. Privato doesn't have a user management system, and it relies on GitHub API for authentication.

To get your personal access token visit github.com/settings/tokens and click on Generate new token. From this screen make sure to grant following scopes:

• repo
• read:org

Associating a scope with a registry

Scopes can be associated with a separate registry. This allows you to seamlessly use a mix of packages from the primary npm registry and one or more private registries, such as Privato or npm Enterprise.

You can associate a scope with a registry using npm config:

npm config set "@munogu:registry" https://npm.munogu.io/api/GITHUB-ACCESS-TOKEN

Once a scope is associated with a registry, any npm install for a package with that scope will request packages from that registry instead. Any npm publish for a package name that contains the scope will be published to that registry instead.

Installing/updating packages

Package names are automatically generated based on the repository name. To see your packages you will need to create at least one tag/release on the repository, using a semver compatible name.

The GitHub repository named munogu/example will be available under @munogu/example name on your Privato registry. e.g.

npm install @munogu/example