How do I list a private Github repo as a "dependency"
in package.json
? I tried npm's Github URLs syntaxes like ryanve/example
, but doing npm install
in the package folder gives "could not install" errors for the private dependencies. Is there a special syntax (or some other mechanism) for depending on private repos?
This question is related to
node.js
git
github
npm
package.json
I wasn't able to make the accepted answer work in a Docker container.
What worked for me was to set the Personal Access Token from github in a file .nextrc
ARG GITHUB_READ_TOKEN
RUN echo -e "machine github.com\n login $GITHUB_READ_TOKEN" > ~/.netrc
RUN npm install --only=production --force \
&& npm cache clean --force
RUN rm ~/.netrc
in package.json
"my-lib": "github:username/repo",
If someone is looking for another option for Git Lab and the options above do not work, then we have another option. For a local installation of Git Lab server, we have found that the approach, below, allows us to include the package dependency. We generated and use an access token to do so.
$ npm install --save-dev https://git.yourdomain.com/userOrGroup/gitLabProjectName/repository/archive.tar.gz?private_token=InsertYourAccessTokenHere
Of course, if one is using an access key this way, it should have a limited set of permissions.
Good luck!
It can be done via https and oauth or ssh.
https and oauth: create an access token that has "repo" scope and then use this syntax:
"package-name": "git+https://<github_token>:[email protected]/<user>/<repo>.git"
or
ssh: setup ssh and then use this syntax:
"package-name": "git+ssh://[email protected]:<user>/<repo>.git"
(note the use of colon instead of slash before user)
With git there is a https format
https://github.com/equivalent/we_demand_serverless_ruby.git
This format accepts User + password
https://bot-user:[email protected]/equivalent/we_demand_serverless_ruby.git
So what you can do is create a new user that will be used just as a bot,
add only enough permissions that he can just read the repository you
want to load in NPM modules and just have that directly in your
packages.json
Github > Click on Profile > Settings > Developer settings > Personal access tokens > Generate new token
In Select Scopes part, check the on repo: Full control of private repositories
This is so that token can access private repos that user can see
Now create new group in your organization, add this user to the group and add only repositories that you expect to be pulled this way (READ ONLY permission !)
You need to be sure to push this config only to private repo
Then you can add this to your / packages.json (bot-user is name of user, xxxxxxxxx is the generated personal token)
// packages.json
{
// ....
"name_of_my_lib": "https://bot-user:[email protected]/ghuser/name_of_my_lib.git"
// ...
}
https://blog.eq8.eu/til/pull-git-private-repo-from-github-from-npm-modules-or-bundler.html
Source: Stackoverflow.com