401 while dowloading Scala package published publicly on Github from a public repo

Question

I published a Scala package on a public Github repo. The package visibility is also public, but a token was used to publish it which I provided inside the build.sbt as it's the required standard.

When I try to install that package in any of the projects, it shows 401(unauthorized) error.

I turned off the settings under the packages which is under the User Settings > Packages > Inherit access from source repository.

The error that I'm getting while trying to install the package is:

[info] welcome to sbt 1.10.2 (Oracle Corporation Java 13.0.2)
[info] loading settings for project use-dataimports-build-build from metals.sbt ...
[info] loading project definition from D:\use-dataimports\project\project
[info] loading settings for project use-dataimports-build from metals.sbt ...
[info] loading project definition from D:\use-dataimports\project
[success] Generated .bloop\use-dataimports-build.json
[success] Total time: 2 s, completed Jan. 16, 2025, 11:33:19 a.m.
[info] loading settings for project root from build.sbt ...
[info] set current project to use-dataimports (in build file:/D:/use-dataimports/)
[info] Executing in batch mode. For better performance use sbt's shell
[warn] 
[warn]  Note: Unresolved dependencies path:
[error] sbt.librarymanagement.ResolveException: Error downloading releases.com.org:package:0.0.1-SNAPSHOT
[error]   Not found
[error]   Not found
[error]   not found: C:\Users\yasha\.ivy2\local\releases.com.org\package\0.0.1-SNAPSHOT\ivys\ivy.xml
[error]   not found: https://repo1.maven.org/maven2/releases/com/org/package/0.0.1-SNAPSHOT/package-0.0.1-SNAPSHOT.pom
[error]   unauthorized: https://maven.pkg.github.com/user/package/releases/com/org/package/0.0.1-SNAPSHOT/package-0.0.1-SNAPSHOT.pom (GitHub Package Registry)
[error]     at lmcoursier.CoursierDependencyResolution.unresolvedWarningOrThrow(CoursierDependencyResolution.scala:346)
[error]     at lmcoursier.CoursierDependencyResolution.$anonfun$update$39(CoursierDependencyResolution.scala:315)
[error]     at scala.util.Either$LeftProjection.map(Either.scala:573)
[error]     at lmcoursier.CoursierDependencyResolution.update(CoursierDependencyResolution.scala:315)
[error]     at sbt.librarymanagement.DependencyResolution.update(DependencyResolution.scala:60)
[error]     at sbt.internal.LibraryManagement$.resolve$1(LibraryManagement.scala:60)
[error]     at sbt.internal.LibraryManagement$.$anonfun$cachedUpdate$12(LibraryManagement.scala:142)
[error]     at sbt.util.Tracked$.$anonfun$lastOutput$1(Tracked.scala:74)
[error]     at sbt.internal.LibraryManagement$.$anonfun$cachedUpdate$11(LibraryManagement.scala:144)
[error]     at sbt.internal.LibraryManagement$.$anonfun$cachedUpdate$11$adapted(LibraryManagement.scala:131)
[error]     at sbt.util.Tracked$.$anonfun$inputChangedW$1(Tracked.scala:220)
[error]     at sbt.internal.LibraryManagement$.cachedUpdate(LibraryManagement.scala:169)
[error]     at sbt.Classpaths$.$anonfun$updateTask0$1(Defaults.scala:3894)
[error]     at scala.Function1.$anonfun$compose$1(Function1.scala:49)
[error]     at sbt.internal.util.$tilde$greater.$anonfun$$u2219$1(TypeFunctions.scala:63)
[error]     at sbt.std.Transform$$anon$4.work(Transform.scala:69)
[error]     at sbt.Execute.$anonfun$submit$2(Execute.scala:283)
[error]     at sbt.internal.util.ErrorHandling$.wideConvert(ErrorHandling.scala:24)
[error]     at sbt.Execute.work(Execute.scala:292)
[error]     at sbt.Execute.$anonfun$submit$1(Execute.scala:283)
[error]     at sbt.ConcurrentRestrictions$$anon$4.$anonfun$submitValid$1(ConcurrentRestrictions.scala:265)
[error]     at sbt.CompletionService$$anon$2.call(CompletionService.scala:65)
[error]     at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[error]     at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
[error]     at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[error]     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
[error]     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
[error]     at java.base/java.lang.Thread.run(Thread.java:830)
[error] (update) sbt.librarymanagement.ResolveException: Error downloading releases.com.org:package:0.0.1-SNAPSHOT
[error]   Not found
[error]   Not found
[error]   not found: C:\Users\yasha\.ivy2\local\releases.com.org\package\0.0.1-SNAPSHOT\ivys\ivy.xml
[error]   not found: https://repo1.maven.org/maven2/releases/com/org/package/0.0.1-SNAPSHOT/package-0.0.1-SNAPSHOT.pom
[error]   unauthorized: https://maven.pkg.github.com/user/package/releases/com/org/package/0.0.1-SNAPSHOT/package-0.0.1-SNAPSHOT.pom (GitHub Package Registry)
[error] Total time: 2 s, completed Jan. 16, 2025, 11:33:21 a.m.

My aim is to make the package in such a way that it is publicly accessible without having the need to provide authentication in the configuration.

Answer 1

GitHub packages always require GitHub authentication to access packages, even public. Any authentication will do (maybe with exception of some fine grained tokens?), but it needs to be there, you cannot access the packages without being GitHub user.

https://docs.github.com/en/packages/learn-github-packages/about-permissions-for-github-packages#visibility-and-access-permissions-for-packages

In most registries, to pull a package, you must authenticate with a personal access token or GITHUB_TOKEN, regardless of whether the package is public or private. However, in the Container registry, public packages allow anonymous access and can be pulled without authentication or signing in via the CLI.

See relevant discussion at https://github.com/orgs/community/discussions/26634