I’m looking for guidance on how to include a private GitHub repository as a dependency in my package.json file. I’ve tried using the format username/repo for the GitHub URL, but when I execute npm install, I encounter errors related to the private repository.
While this method works perfectly for public repositories, it fails for private ones, leading to installation errors. I’ve checked the npm documentation, but I can’t find specific advice for dealing with private repositories. Should I use a different syntax, or is there an authentication method I need to set up? Any assistance would be greatly appreciated.
Yeah, that’s normal - npm can’t access private repos without credentials. I’ve hit this tons of times in enterprise setups. SSH authentication beats HTTPS tokens every time since tokens expire and break deployments. First, add your SSH key to GitHub and test it: ssh -T [email protected]. Then switch your package.json dependency to SSH format: git+ssh://[email protected]/johndoe/my-private-repo.git. Works like a charm across environments and CI/CD without exposing tokens in your code. Add #branch-name to the URL if you need a specific branch or tag.
I use a .npmrc file in the project root - keeps auth separate from package.json and works great with version control. Just create .npmrc with @yourscope:registry=https://npm.pkg.github.com and add your GitHub token. Then reference the dependency normally in package.json as @yourscope/my-private-repo. Don’t forget to add .npmrc to .gitignore so you don’t commit tokens. Works really well with GitHub Packages and scales nicely when you’ve got multiple private deps from the same org.
yeah, u gotta use a personal access token for privat repos. like this: git+https://username:[email protected]/johndoe/my-private-repo.git. or better, set up ssh keys and then just use the ssh url. gl!