I'm trying to install github private repository by npm that includes other private github repositories as dependency.
Have tried a lot of ways and posts but none is working. Here is what i'm doing :
npm install git+https://github.com/myusername/mygitrepository.git
in package.json is like :
"dependencies": {
"repository1name": "git+https://github.com/myusername/repository1.git",
"repository2name": "git+https://github.com/myusername/repository2.git"
}
What is the the right way to do it?
Try this:
"dependencies" : {
"name1" : "git://github.com/user/project.git#commit-ish",
"name2" : "git://github.com/user/project.git#commit-ish"
}
You could also try this, where visionmedia/express is name/repo:
"dependencies" : {
"express" : "visionmedia/express"
}
Or (if the npm package module exists):
"dependencies" : {
"name": "*"
}
Taken from NPM docs
The following worked just fine in all scenarios i needed :
"dependencies": {
"GitRepo": "git+https://<token-from-github>:x-oauth-basic@github.com/<user>/<GitRepo>.git"
}
For those of you who came here for public directories, from the npm docs: https://docs.npmjs.com/files/package.json#git-urls-as-dependencies
Git URLs as Dependencies
Git urls can be of the form:
git://github.com/user/project.git#commit-ish
git+ssh://user@hostname:project.git#commit-ish
git+ssh://user@hostname/project.git#commit-ish
git+http://user@hostname/project/blah.git#commit-ish
git+https://user@hostname/project/blah.git#commit-ish
The commit-ish can be any tag, sha, or branch which can be supplied as an argument to git checkout. The default is master.
As of version 1.1.65, you can refer to GitHub urls as just “foo”: “user/foo-project”.
npmjs docs reference
git+https://
mean? Use git
protocol for cloning and pull new changes while pushing through https
?
The accepted answer works, but I don't like much the idea to paste secure tokens into the package.json
I have found it elsewhere, just run this one-time command as documented in the git-config manpage.
git config --global url."https://${GITHUB_TOKEN}@github.com/".insteadOf git@github.com:
GITHUB_TOKEN
may be setup as environmnet variable or pasted directly
and then I install private github repos like: npm install user/repo --save
works also in Heroku, just setup the above git config ...
command as heroku-prebuild
script in package.json
and setup GITHUB_TOKEN
as Heroku config variable.
npm install
step.
...insteadOf ssh://git@github.com
npm install user/repo --save
. Is there something I need to configure?
There are multiple ways to do it as people point out, but the shortest versions are:
// from master
"depName": "user/repo",
// specific branch
"depName": "user/repo#branch",
// specific commit
"depName": "user/repo#commit",
// private repo
"depName": "git+https://[TOKEN]:x-oauth-basic@github.com/user/repo.git"
e.g.
"dependencies" : {
"hexo-renderer-marked": "amejiarosario/dsa.jsd#book",
"hexo-renderer-marked": "amejiarosario/dsa.js#8ea61ce",
"hexo-renderer-marked": "amejiarosario/dsa.js",
}
"dependencies": {
"some-package": "github:github_username/some-package"
}
or just
"dependencies": {
"some-package": "github_username/some-package"
}
https://docs.npmjs.com/files/package.json#github-urls
Since Git uses curl
under the hood, you can use ~/.netrc
file with the credentials. For GitHub it would look something like this:
machine github.com
login <github username>
password <password OR github access token>
If you choose to use access tokens
, it can be generated from:
Settings -> Developer settings -> Personal access tokens
This should also work if you are using Github Enterprise in your own corporation. just put your enterprise github url in the machine
field.
machine github.com login <token>
on one line and "package": "https://github.com/acme/privaterepo.git#commit-ish"
or directly with npm install https://github.com/acme/privaterepo.git#commit-ish
Here is a more detailed version of how to use the Github token without publishing in the package.json
file.
Create personal github access token Setup url rewrite in ~/.gitconfig
git config --global url."https://<TOKEN HERE>:x-oauth-basic@github.com/".insteadOf https://x-oauth-basic@github.com/
Install private repository. Verbose log level for debugging access errors.
npm install --loglevel verbose --save git+https://x-oauth-basic@github.com/<USERNAME HERE>/<REPOSITORY HERE>.git#v0.1.27
In case access to Github fails, try running the git ls-remote ...
command that the npm install will print
There's also SSH Key - Still asking for password and passphrase
Using ssh-add ~/.ssh/id_rsa
without a local keychain.
This avoids having to mess with tokens.
If you want to add the dependency that is not anchored to master nor to a particular commit, you can do it by using semver. Like that:
"dependencies": {
"some-package": "github:github_username/some-package#semver:^1.0.0"
}
For my private repository reference I didn't want to include a secure token, and none of the other simple (i.e. specifying only in package.json) worked. Here's what did work:
Went to GitHub.com Navigated to Private Repository Clicked "Clone or Download" and Copied URL (which didn't match the examples above) Added #commit-sha Ran npm install
Further, in order to make key's access secure
Create .env file at the same directory level where package.json resides. Mention PERSONAL_ACCESS_TOKEN=******************************* into .env file Dont forget to add '.env' into .gitingore list which will prevent exposing key to outside world while you make git commit to your repo. Now you can add your dependency in package.json as below,
Package.json
"dependencies": { ... "my-private-github-repo": "git+https://${ENV.PERSONAL_ACCESS_TOKEN}@github.com/USER/abcd-repo-3.4.0.git", ... }
There are other ways using 'DOTENV' npm package, but it could not do much when we are trying to resolve "Github" package dependency. Above seems to be straight forward solution.
Note that the github repos that you try to add as a dependency to your package.json file needs to have its own package.json file defined.
Success story sharing
fatal: ambiguous argument 'commit-ish': unknown revision or path not in the working tree.
Pretty obvious thatcommit-ish
is just a sample word which you should replace with asha
of a specific commit that you need. (or remove that#commit-ish
at all if you need the latest commit in your master branch)