Private packages from multiple GitHub orgs
Velumi now mints a GitHub App access token for every GitHub App installation on your Velumi organization at deploy time — not just the installation tied to the source repository.
This means projects can install private npm packages from multiple GitHub organizations in a single build. Previously, only one installation token was available, so pnpm install would fail if private packages lived in a different org than the source repo.
What changed
- Deploys automatically pick up all GitHub App installations on the Velumi org
- Each token is scoped to its GitHub organization so credentials don't bleed across orgs
- No configuration required — adding an installation is enough
How to use it
Install the Velumi GitHub App on every GitHub organization that hosts private packages your project depends on. Go to Organization → Integrations → Add Another Installation and follow the install flow for each org.
See Private npm packages from GitHub for details.