Mauro Bringolf

Currently geeking out as WordPress developer at WebKinder and student of computer science at ETH.

Managing semver versioned private Git repositories with npm

December 7, 2017
, ,

Here is a conversation I had with the npm documentation this week:

(Okay, I admit it was just me reading documentation but let’s pretend.)


Me: “I guess you can only install modules hosted on npmjs.org with npm.”

npm: “Nope, in fact you can make npm manage any package you want it to.”

Me: “Hmm, but a Git repository probably has to be public to be installed and updated via npm?”

npm: “Nope, npm can download private repositories as packages via SSH.”

Me: “Amazing! But it seems like the repository URL takes place of the version string in package.json. So I don’t see a way to specify what version I want to install. It probably installs master branch which is not necessarily what I want?”

npm: “Nope, we got this. You actually have more options to specify what version you want if you install packages from Git. In addition to all the semver matching you are used to, you can install a specific Git commit, tag or branch by its SHA.”


So this is a simple note to myself on how to install private Git repositories as npm dependencies in package.json. Here are some example entries you would put into your dependencies or devDependencies:

Specific version:

{
  "repo": "git+ssh://git@github.com:user/repo.git#semver:1.2.0"
}

Version range:

{
  "repo": "git+ssh://git@github.com:user/repo.git#semver:1.x.x"
}

Git branch:

{
  "repo": "git+ssh://git@github.com:user/repo.git#master"
}

Git commit:

{
  "repo": "git+ssh://git@github.com:user/repo.git#ac9e73"
}