Skip to content

Grant Access

Publishing does not grant access. A release in a private repo is invisible to anyone without read permission — GitHub answers 404 and doesn't even confirm the repo exists. Every publish therefore ends with an audience statement telling you who can install; this page is the "how to change that" companion.

Where the bundle livesWho can installHow to grant access
Private repo in your organizationMembers with read accessOrg base permission Read covers everyone; finer scoping via org teams
Your personal private repoOnly you + collaboratorsRepo → Settings → Collaborators → invite (they must accept)
Public repoAnyone with the linkNothing to do — that's the point, and the risk

One private repo under your GitHub organization — say your-org/kb-bundles — with the org's base permission set to Read:

  • Every member installs with their own GitHub login; nothing to manage per person or per bundle.
  • Access follows membership: joining the org grants it, leaving revokes it.
  • Anyone on the team can publish to the same shelf — it becomes the team's knowledge hub.

GitHub's Free plan suffices (unlimited private repos and members).

The receiver's side

Access alone isn't enough — the receiver must also be authenticated when downloading: gh auth login for the CLI path, or a logged-in browser for the manual path. The most common confusion is exactly this: see "the link 404s".

Released under the MIT License.