ChatGPT解决这个技术问题 Extra ChatGPT

npm install private github repositories by dependency in package.json

I'm trying to install github private repository by npm that includes other private github repositories as dependency.

Have tried a lot of ways and posts but none is working. Here is what i'm doing : 

npm install git+https://github.com/myusername/mygitrepository.git

in package.json is like : 

"dependencies": {
    "repository1name": "git+https://github.com/myusername/repository1.git",
    "repository2name": "git+https://github.com/myusername/repository2.git"
}

What is the the right way to do it?

git+https://:x-oauth-basic@github.com//.git It supports authentication and works fine in all cases.

P
PiTheNumber

Try this: 

"dependencies" : {
  "name1" : "git://github.com/user/project.git#commit-ish",
  "name2" : "git://github.com/user/project.git#commit-ish"
}

You could also try this, where visionmedia/express is name/repo: 

"dependencies" : {
   "express" : "visionmedia/express"
}

Or (if the npm package module exists): 

"dependencies" : {
  "name": "*"
}

Taken from NPM docs

npm ERR! Failed resolving git HEAD (github.com/user/reponame.git) fatal: ambiguous argument 'commit-ish': unknown revision or path not in the working tree.
Doesn't work. the #xxxx isn't required as if not given its considered to be master and all my work is in master. Any other idea?
Same outcome if you remove the header (#commit-ish)?
What's the name of your repository?
@vashishatashu, regarding fatal: ambiguous argument 'commit-ish': unknown revision or path not in the working tree. Pretty obvious that commit-ish is just a sample word which you should replace with a sha of a specific commit that you need. (or remove that #commit-ish at all if you need the latest commit in your master branch)
v
vashishatashu

The following worked just fine in all scenarios i needed : 

"dependencies": {
"GitRepo": "git+https://<token-from-github>:x-oauth-basic@github.com/<user>/<GitRepo>.git"
}
Do you have a reference link for this solution?
@Ian : I read it somewhere but don't have reference link. I'm using it in production for over a year without any problem. You can get oauth token from Github as : Settings -> Applications -> Personal Access Token -> Generate new token. This token can have read/write or both privileges as per your use case.
@lan : for bitbucket you can use following syntax : git clone https://:x-oauth-basic@bitbucket.org// can be obtained from : Team -> Manage Team -> API Key
Here's a nice article on this technique: web.archive.org/web/20170506085956/http://rzrsharp.net/2013/07/…
Since your own access token from Github is visible directly in your package.json, it does not seem to be a safe solution.
C
Community

For those of you who came here for public directories, from the npm docs: https://docs.npmjs.com/files/package.json#git-urls-as-dependencies

Git URLs as Dependencies

Git urls can be of the form: 

git://github.com/user/project.git#commit-ish
git+ssh://user@hostname:project.git#commit-ish
git+ssh://user@hostname/project.git#commit-ish
git+http://user@hostname/project/blah.git#commit-ish
git+https://user@hostname/project/blah.git#commit-ish

The commit-ish can be any tag, sha, or branch which can be supplied as an argument to git checkout. The default is master.

What does "for public directories" mean?
As of version 1.1.65, you can refer to GitHub urls as just “foo”: “user/foo-project”. npmjs docs reference
What does the protocol git+https:// mean? Use git protocol for cloning and pull new changes while pushing through https?
L
Lukx

The accepted answer works, but I don't like much the idea to paste secure tokens into the package.json

I have found it elsewhere, just run this one-time command as documented in the git-config manpage. 

git config --global url."https://${GITHUB_TOKEN}@github.com/".insteadOf git@github.com:

GITHUB_TOKEN may be setup as environmnet variable or pasted directly

and then I install private github repos like: npm install user/repo --save

works also in Heroku, just setup the above git config ... command as heroku-prebuild script in package.json and setup GITHUB_TOKEN as Heroku config variable.

This also works in Microsoft Visual Studio Team Services Build Chain, where I execute it as a "command" just before the npm install step.
Spectacular! Great solution for CI environments! I did have to modify it a bit; I had to change the end to ...insteadOf ssh://git@github.com
This doesn't seem to affect my npm. It's still using ssh when running npm install user/repo --save. Is there something I need to configure?
Excellent solution for CI environment where setting up SSH is a pain(CloudBuild)! Thank you very much for this one!
A
Adrian

There are multiple ways to do it as people point out, but the shortest versions are: 

// from master
"depName": "user/repo",

// specific branch
"depName": "user/repo#branch",

// specific commit
"depName": "user/repo#commit",

// private repo
"depName": "git+https://[TOKEN]:x-oauth-basic@github.com/user/repo.git"

e.g. 

"dependencies" : {
  "hexo-renderer-marked": "amejiarosario/dsa.jsd#book",
  "hexo-renderer-marked": "amejiarosario/dsa.js#8ea61ce",
  "hexo-renderer-marked": "amejiarosario/dsa.js",
}
Succinct answer for public repositories, which unfortunately was not the OP's question. Still, it helped me and I appreciated it.
I updated my answer to include the private repo case
how would you write as to take a folder from a repo as a dependency ? for instance from my repo i want to take /src/util as a package
R
Rayron Victor 
"dependencies": {
  "some-package": "github:github_username/some-package"
}

or just 

"dependencies": {
  "some-package": "github_username/some-package"
}

https://docs.npmjs.com/files/package.json#github-urls

L
LeOn - Han Li

Since Git uses curl under the hood, you can use ~/.netrc file with the credentials. For GitHub it would look something like this: 

machine github.com
  login <github username>
  password <password OR github access token>

If you choose to use access tokens, it can be generated from:

Settings -> Developer settings -> Personal access tokens

This should also work if you are using Github Enterprise in your own corporation. just put your enterprise github url in the machine field.

worked for me with machine github.com login <token> on one line and "package": "https://github.com/acme/privaterepo.git#commit-ish" or directly with npm install https://github.com/acme/privaterepo.git#commit-ish
This worked! Possibly the only solution for https without using token to url. But can you tell that is it safe to store password unencrypted like this ?
M
Martins Balodis

Here is a more detailed version of how to use the Github token without publishing in the package.json file.

Create personal github access token Setup url rewrite in ~/.gitconfig 

git config --global url."https://<TOKEN HERE>:x-oauth-basic@github.com/".insteadOf https://x-oauth-basic@github.com/

Install private repository. Verbose log level for debugging access errors. 

npm install --loglevel verbose --save git+https://x-oauth-basic@github.com/<USERNAME HERE>/<REPOSITORY HERE>.git#v0.1.27

In case access to Github fails, try running the git ls-remote ... command that the npm install will print

F
Flint Weather

There's also SSH Key - Still asking for password and passphrase

Using ssh-add ~/.ssh/id_rsa without a local keychain.

This avoids having to mess with tokens.

J
Josep Alsina

If you want to add the dependency that is not anchored to master nor to a particular commit, you can do it by using semver. Like that: 

"dependencies": {
  "some-package": "github:github_username/some-package#semver:^1.0.0"
}
T
The Coder

For my private repository reference I didn't want to include a secure token, and none of the other simple (i.e. specifying only in package.json) worked. Here's what did work:

Went to GitHub.com Navigated to Private Repository Clicked "Clone or Download" and Copied URL (which didn't match the examples above) Added #commit-sha Ran npm install

P
Prashant Patil

Further, in order to make key's access secure

Create .env file at the same directory level where package.json resides. Mention PERSONAL_ACCESS_TOKEN=******************************* into .env file Dont forget to add '.env' into .gitingore list which will prevent exposing key to outside world while you make git commit to your repo. Now you can add your dependency in package.json as below,

Package.json

"dependencies": { ... "my-private-github-repo": "git+https://${ENV.PERSONAL_ACCESS_TOKEN}@github.com/USER/abcd-repo-3.4.0.git", ... }

There are other ways using 'DOTENV' npm package, but it could not do much when we are trying to resolve "Github" package dependency. Above seems to be straight forward solution.

S
Shiraz

Note that the github repos that you try to add as a dependency to your package.json file needs to have its own package.json file defined.

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.