Turns out open source GitHub Packages are totally worthless because they always require a personal access token to download, requiring you to inject access tokens into everything just to install packages.
For how to publish, see For how to install, see https://github.com/electrovir/github-packages-experiment-1
- Follow the
Authenticating to GitHub Packages
steps here: https://docs.github.com/en/[email protected]/packages/working-with-a-github-packages-registry/working-with-the-npm-registry#authenticating-to-github-packages - Create an
.npmrc
file that looks like the one in this repo inside the repo that will install from GitHub Packages. - Add a new line for each user or organization whose packages should come from the GitHub Packages registry (rather than npm registry) into the
.npmrc
file. - Run
npm i @owner/package-name