Skip to main content

Publishing a package

You can publish a package to GitHub Packages to make the package available for others to download and re-use.

Who can use this feature?

Anyone with write permissions for a repository can publish a package to that repository.

GitHub Packages is available with GitHub Free, GitHub Pro, GitHub Free for organizations, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server 3.0 or higher.


GitHub Packages is not available for private repositories owned by accounts using legacy per-repository plans. Also, accounts using legacy per-repository plans cannot access registries that support granular permissions, because these accounts are billed by repository. Enterprise Managed Users do not have individual storage allocation to publish packages within their account's namespace, but can publish to an organization's namespace. For additional information on Enterprise Managed Users, see "About Enterprise Managed Users." For the list of registries that support granular permissions, see "About permissions for GitHub Packages." For more information, see "GitHub’s plans."

About published packages

You can help people understand and use your package by providing a description and other details like installation and usage instructions on the package page. GitHub Enterprise Cloud provides metadata for each version, such as the publication date, download activity, and recent versions. For an example package page, see @Codertocat/hello-world-npm.

You can publish packages in a public repository (public packages) to share with all of GitHub, or in a private repository (private packages) to share with collaborators or an organization. A repository can be connected to more than one package. To prevent confusion, make sure the README and description clearly provide information about each package.

If a new version of a package fixes a security vulnerability, you should publish a security advisory in your repository. GitHub reviews each published security advisory and may use it to send Dependabot alerts to affected repositories. For more information, see "About repository security advisories."

Publishing a package

GitHub Packages only supports authentication using a personal access token (classic). For more information, see "Managing your personal access tokens."

You can publish a package to GitHub Packages using any supported package client by following the same general guidelines.

  1. Create or use an existing personal access token (classic) with the appropriate scopes for the task you want to accomplish. For more information, see "About permissions for GitHub Packages."
  2. Authenticate to GitHub Packages using your personal access token (classic) and the instructions for your package client.
  3. Publish the package using the instructions for your package client.

For instructions specific to your package client, see "Working with a GitHub Packages registry."

After you publish a package, you can view the package on GitHub. For more information, see "Viewing packages."