I’m trying to add a private GitHub repository as a dependency in my package.json file but I’m running into issues. When I use the standard GitHub URL format like username/repository-name in my dependencies section, npm install fails with errors saying it cannot install the private dependencies. I’ve looked at the npm documentation but it seems like the examples only work for public repositories. Is there a specific way to reference private repos in package.json? Do I need to use authentication tokens or SSH keys? I’m working on a Node.js project and need to include several private packages from my organization’s GitHub account.
To solve the issue of adding private GitHub repositories as dependencies, consider setting up authentication through your .npmrc file by adding your GitHub Package Registry credentials. This way, you can use the standard git+https format without embedding authentication tokens in your package.json. Additionally, it’s prudent to reference specific commit hashes instead of branch names, as this approach mitigates common caching issues. Remember, every environment that runs npm install will need the updated .npmrc for seamless access.
I’ve hit this exact issue before. The fix depends on how you’re authenticating. For development, I’d go with SSH keys - just use git+ssh://[email protected]:username/repository-name.git. Make sure your SSH key’s set up with GitHub first though. For CI/CD, personal access tokens work better: git+https://[email protected]/username/repository-name.git. Watch out for one gotcha - you might need to specify a branch or tag if the default isn’t what you expect. I stick with SSH for local dev since you don’t have tokens sitting in your package.json file.
you can also use npm config to set the registry for scoped packages. if your private repos are under an org, run npm config set @yourorg:registry https://npm.pkg.github.com and reference them as @yourorg/package-name in package.json. way cleaner than putting auth stuff directly in the file.