Skip to main content
Private registry provides your workspace with its own npm registry, hosted privately inside Lovable. You can publish npm packages directly to it without making them public, and any project in your workspace can install those packages. Setting up the private registry is limited to workspace owners and admins. Any editor can view the published packages in the registry.

Why use a private registry

Internal teams often maintain private npm packages for shared code like design systems, utility libraries, or proprietary API clients that shouldn’t be published publicly. With a private registry in Lovable, you can:
  • Install internal packages in Lovable projects without workarounds.
  • Keep proprietary code private and secure.
  • Reuse versioned internal libraries consistently across your workspace’s projects.

Common use cases

  • Internal UI component libraries: install your organization’s design system as a private package and use it in Lovable projects.
  • Shared utilities: use internal validation, formatting, or data-fetching packages across multiple projects.
  • Proprietary integrations: install internal SDKs or API clients that can’t be published publicly.

Prerequisites

  • A Lovable Enterprise plan
  • Workspace owner or admin role

Set up the private registry

Setting up the private registry consists of two parts:
  1. Enable the registry and create a service account key in Lovable workspace settings.
  2. Configure your code project by adding the .npmrc file, adding the service account key as an npm-key.json file, and running authentication against the private registry using the service account key.

Part 1: Enable the registry

1

Open the settings

Go to Settings → Build & deploy → Private registry.
2

Provision the registry

Select Provision registry. Lovable sets up a private npm registry for your workspace.
3

Create a service account key

When the registry is provisioned, you can create a service account key. Enter a name for the key, and select Create key.
Save the service account key file immediately after creating it. You will not be able to retrieve it again.

Part 2: Configure your code project

1

Configure the .npmrc file

In your code project’s root directory, add the private registry details to the .npmrc file.
2

Add the service account key

Add the service account key you downloaded in Part 1 as an npm-key.json file in your project.
3

Authenticate against the registry

Run the authentication command using the service account key to authorize your code project to publish to the private registry.

View published packages

Once packages are published to your private registry, you can view them in Settings → Build & deploy → Private registry. For each package, you can see the name, the latest published version, and when it was last updated.

Use a private package

To install a private package in a Lovable project, prompt Lovable with the package name just as you would for any public npm package. For example: 
Install @my-org/ui-components and use it to replace the current button component.
Lovable resolves the package from your configured private registry automatically.

Limitations

  • Only one private registry can be configured per workspace.
  • Only workspace owners and admins can configure the registry. Editors and viewers cannot access registry settings.

FAQ

Only workspace owners and admins can view and manage the private registry settings. The authentication token is not shown after it is saved.
Yes. Once configured, the private registry is available to all projects in the workspace. There is no per-project configuration required.
Yes. Scoped packages (for example, @my-org/package-name) are supported. Reference the package by its full scoped name when prompting Lovable.