Using Private GitHub Repositories for NPM Dependencies
Chapter 1: Introduction to Private Dependencies
In recent days, I've been heavily focused on several private projects. Due to confidentiality constraints, using public repositories isn't an option, which also rules out the free version of NPM for managing dependencies. Thus, I had to explore alternative methods to manage private dependencies.
One key takeaway is that the best approach is to opt for the pro version of NPM, which is relatively affordable at just $7 per month. However, if subscribing isn't feasible, you can create a library directly on GitHub, keep the repository private, and generate an access token that NPM uses to reach it.
{
  "dependencies": {
  }
}
By using this method, you can install your library as if it were a standard npm package. To generate a Personal Access Token on GitHub, navigate to your GitHub account settings, then Developer Settings, followed by Personal Access Token. Click on "Generate New Token," enter your password, complete the form, and click "Generate Token." Be sure to copy the generated token, which will look something like ghp_sFhFsSHhTzMDreGRLjmks4Tzuzgthdvfsrta.
Section 1.1: Using SSH Keys
An alternative to using a plaintext token is to configure an SSH key with your Git client:
{
  "dependencies": {
    "package-name": "git+ssh://git@github.com:username/repository.git#{branch|tag}"
  }
}
For managing your access token, you can refer to this guidance on StackOverflow.
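A manifest check that follows from the two forms above, added here as an example and not code from the original post: it flags dependency specs in package.json that carry a credential in the URL and passes the git+ssh form, which names only the login user. The function names, the sample manifest and the placeholder token and password values are constructed; the `token@host` and `user:password@host` HTTPS forms are assumptions, since the post's own token entry is not shown.

```javascript
// Added example (not from the original post). Sample values are constructed placeholders.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Scheme plus userinfo ("user" or "user:secret") of a URL-style dependency spec.
const USERINFO = /^(?:git\+)?([a-z]+):\/\/([^\/@#]+)@/i;

// Returns null when the spec carries no secret, otherwise where it was found.
function findSecret(spec) {
  const m = USERINFO.exec(spec);
  if (!m) return null; // semver range, "github:user/repo" shorthand, URL without userinfo
  const scheme = m[1].toLowerCase();
  const userinfo = m[2];
  // git+ssh://git@host:... names only the login user; the key stays in the SSH client.
  if (scheme === "ssh" && !userinfo.includes(":")) return null;
  // Anything else is a token or password stored in the manifest. Report a redacted
  // prefix so the audit output does not leak the value a second time.
  return { scheme, redacted: userinfo.slice(0, 4) + "***" };
}

// Walk every dependency section of a package.json document (passed as text).
function auditManifest(manifestText) {
  const manifest = JSON.parse(manifestText);
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      if (typeof spec !== "string") continue;
      const hit = findSecret(spec);
      if (hit) findings.push({ section, name, ...hit });
    }
  }
  return findings;
}

// Constructed sample manifest: one token URL, one SSH URL, one registry range, one basic-auth URL.
const SAMPLE_MANIFEST = JSON.stringify({
  dependencies: {
    "lib-token": "git+https://ghp_PLACEHOLDERTOKEN0000@github.com/username/repository.git#main",
    "lib-ssh": "git+ssh://git@github.com:username/repository.git#v1.0.0",
    "public-lib": "^1.3.0"
  },
  devDependencies: {
    "lib-basic": "https://username:PLACEHOLDER_PASSWORD@github.com/username/tools.git"
  }
});

for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`${f.section}.${f.name}: credential in ${f.scheme} URL (${f.redacted})`);
}
```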
Subsection 1.1.1: Credential Management on Windows
Chapter 2: Video Resources
In this video, you'll learn how to effectively use private NPM packages with GitHub Actions and Packages.
This video covers how to install NPM packages directly from Git, providing practical insights into managing dependencies.