Public and private packages in GitHub Package Registry

Asked 11/9, 2019 at 11:42 Answered 16/5, 2022 at 12:35

Is it possible to change package visibility from private to public and vice versa?

In documentation there is a statement:

Private and public software packages: You can host packages privately or make them public. You can host packages privately and share them with your coworkers or organization, or make them public for the entire world.

But I can't find any setting in the repo or info in documentation on how to make the package public.

Use case I'm trying to achieve: Private repository with SDK source code and public (stable releases) / private (internal testing) packages.

We can just make a separate public repo with public releases, but it's a bit overhead and breaks the main idea of hosting code and packages in one place:

GitHub Package Registry is a software package hosting service, similar to npmjs.org, rubygems.org, or hub.docker.com, that allows you to host your packages and code in one place.

Will appreciate any help and information.

Adal answered 11/9, 2019 at 11:42 Comment(0)

As you suspected there is no way to set the visibility on a package basis at the moment. It is based on the visibility of the repo.

From the launch notes:

Packages on GitHub inherit the visibility and permissions associated with the repository, and organizations no longer need to maintain a separate package registry and mirror permissions across systems.

Expansion answered 8/10, 2019 at 21:35 Comment(3)

Well that's strange, because I published a package in a public repo, but it asks for authentication if you try to download it. See also: #64419843 (currently unanswered). – Faun 20/10, 2020 at 11:3

OK "public" doesn't mean "public when accessed through Maven" - you still need to authenticate. – Faun 20/10, 2020 at 11:12

It's weird but my repo with internal visibility creates private packages instead of internal. Even after enabling it from organization settings. – Birkenhead 8/12, 2022 at 11:28

There are organization level permissions for packages. When under organization, make sure to enable what you need.

Settings -> Packages -> Packages Permissions -> Package Creation

After that go back to organization home, Packages tab -> Click the package you want to change visibility -> Package Settings (See picture below)

Welltimed answered 16/5, 2022 at 12:35 Comment(1)

For the record: after clicking on "Package settings" the button to change the visibility is down in the "DANGER ZONE". – Capita 1/10, 2023 at 13:20

There are restrictions in place, mostly oriented around public packages. Github doesn't want people to delete or make private, packages that are public as others may be dependent on them. So you can't delete a public package, even via the GraphQL API (private packages only may be deleted)

If the repo has been forked from a public repo, you can't change the repo to a private one (and thus make the package private). You would have to duplicate the repository and so it becomes a different repo.

So, try not to make mistakes when publishing :-)

Orian answered 10/11, 2019 at 0:57 Comment(0)

Recommended topics

Hot tags