"npm 通过 package.json 中的依赖项安装私有 github 存储库"

Question

I'm trying to install github private repository by npm that includes other private github repositories as dependency.

npm install git+https://github.com/myusername/mygitrepository.git

Answer 1

Try this:

"dependencies" : {
  "name1" : "git://github.com/user/project.git#commit-ish",
  "name2" : "git://github.com/user/project.git#commit-ish"
}

You could also try this, where visionmedia/express is name/repo:

"dependencies" : {
   "express" : "visionmedia/express"
}

Or (if the npm package module exists):

"dependencies" : {
  "name": "*"
}

Taken from NPM docs

Answer 2

The following worked just fine in all scenarios i needed :

"dependencies": {
"GitRepo": "git+https://<token-from-github>:x-oauth-basic@github.com/<user>/<GitRepo>.git"
}

Answer 3

For those of you who came here for public directories, from the npm docs: https://docs.npmjs.com/files/package.json#git-urls-as-dependencies

Git URLs as Dependencies

Git urls can be of the form:

git://github.com/user/project.git#commit-ish
git+ssh://user@hostname:project.git#commit-ish
git+ssh://user@hostname/project.git#commit-ish
git+http://user@hostname/project/blah.git#commit-ish
git+https://user@hostname/project/blah.git#commit-ish

The commit-ish can be any tag, sha, or branch which can be supplied as an argument to git checkout. The default is master.

Answer 4

The accepted answer works, but I don't like much the idea to paste secure tokens into the package.json

I have found it elsewhere, just run this one-time command as documented in the git-config manpage .

git config --global url."https://${GITHUB_TOKEN}@github.com/".insteadOf git@github.com:

GITHUB_TOKEN may be setup as environmnet variable or pasted directly

and then I install private github repos like: npm install user/repo --save

---

works also in Heroku, just setup the above git config ... command as heroku-prebuild script in package.json and setup GITHUB_TOKEN as Heroku config variable.

Answer 5

There are multiple ways to do it as people point out, but the shortest versions are:

// from master
"depName": "user/repo",

// specific branch
"depName": "user/repo#branch",

// specific commit
"depName": "user/repo#commit",

// private repo
"depName": "git+https://[TOKEN]:x-oauth-basic@github.com/user/repo.git"

eg

"dependencies" : {
  "hexo-renderer-marked": "amejiarosario/dsa.jsd#book",
  "hexo-renderer-marked": "amejiarosario/dsa.js#8ea61ce",
  "hexo-renderer-marked": "amejiarosario/dsa.js",
}

Answer 6

"dependencies": {
  "some-package": "github:github_username/some-package"
}

or just

"dependencies": {
  "some-package": "github_username/some-package"
}

https://docs.npmjs.com/files/package.json#github-urls

Answer 7

Since Git uses curl under the hood, you can use ~/.netrc file with the credentials. For GitHub it would look something like this:

machine github.com
  login <github username>
  password <password OR github access token>

If you choose to use access tokens , it can be generated from:

Settings -> Developer settings -> Personal access tokens

This should also work if you are using Github Enterprise in your own corporation. just put your enterprise github url in the machine field.

Answer 8

Here is a more detailed version of how to use the Github token without publishing in the package.json file.

1. Create personal github access token
2. Setup url rewrite in ~/.gitconfig

git config --global url."https://<TOKEN HERE>:x-oauth-basic@github.com/".insteadOf https://x-oauth-basic@github.com/

3. Install private repository. Verbose log level for debugging access errors.

npm install --loglevel verbose --save git+https://x-oauth-basic@github.com/<USERNAME HERE>/<REPOSITORY HERE>.git#v0.1.27

In case access to Github fails, try running the git ls-remote ... command that the npm install will print

Answer 9

Further, in order to make key's access secure

1. Create .env file at the same directory level where package.json resides.
2. Mention PERSONAL_ACCESS_TOKEN=******************************* into .env file
3. Dont forget to add '.env' into .gitingore list which will prevent exposing key to outside world while you make git commit to your repo.
4. Now you can add your dependency in package.json as below,

Package.json

"dependencies": { ... "my-private-github-repo": "git+https://${ENV.PERSONAL_ACCESS_TOKEN}@github.com/USER/abcd-repo-3.4.0.git", ... }

There are other ways using 'DOTENV' npm package, but it could not do much when we are trying to resolve "Github" package dependency. Above seems to be straight forward solution.

Answer 10

For my private repository reference I didn't want to include a secure token, and none of the other simple (ie specifying only in package.json) worked. Here's what did work:

1. Went to GitHub.com
2. Navigated to Private Repository
3. Clicked "Clone or Download" and Copied URL (which didn't match the examples above)
4. Added #commit-sha
5. Ran npm install

Answer 11

There's also SSH Key - Still asking for password and passphrase

Using ssh-add ~/.ssh/id_rsa without a local keychain.

This avoids having to mess with tokens.

Answer 12

If you want to add the dependency that is not anchored to master nor to a particular commit, you can do it by using semver. Like that:

"dependencies": {
  "some-package": "github:github_username/some-package#semver:^1.0.0"
}

Answer 13

请注意，您尝试作为依赖项添加到 package.json 文件的 github 存储库需要定义自己的 package.json 文件。

"