New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

npmgitdev

Package Overview
Dependencies
Maintainers
1
Versions
10
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

npmgitdev

A wrapper around npm that allows real live git repos to be cloned into node_modules.

Source
npmnpm
Version
1.0.0
Version published
Weekly downloads
1
-85.71%
Maintainers
1
Weekly downloads
 
Created
Source

npmgitdev

npmgitdev a wrapper around npm version 3+ that allows you to work with git repos cloned directly into node_modules.

When we're developing modular software, we often need to edit multiple separate npm packages simultaneously. The "official" way to do this is with npm link. We clone a separate repo for each package, and then link it into the appropriate places. The problem is, npm link creates all sorts of complexities and bugs.

It would be nice if we could avoid all this complexity by simply cloning a repo into node_modules. Unfortunately, npm install will bail (refuse to do anything) when it detects a .git directory inside any package in node_modules. This is a problem because it forces us to use npm link to develop modular software, which comes with a whole host of complexities and bugs.

npmgitdev avoids this problem by:

  • Ensuring that all git repos are clean (have no changes in the working directory or index), so that if npm decides to replace the package you won't lose any work.
  • Temporarily changing the required version to match the one specified in the git repo's package.json, so npm is not inclined to mess with it.
  • Temporarily copying all devDependencies of git packages to dependencies, because you'll probably need them while you're developing your git package.
  • Hiding the .git directory temporarily while invoking an npm command.
  • Cleaning up all the temporary changes after the git command completes.

Installation:

npm install -g npmgitdev

Usage:

# in your project's directory
cd node_modules
git clone https://github.com/TerriaJS/terriajs # or whatever repo you want to work with inside your project
cd ..

# later, or whenever you want:
npmgitdev install

The end result is that npm installs packages exactly as it would if you copied all your devDependencies to dependencies and then published the package to npm. npm's package deduplication actually works, unlike with npm link!

If you accidentally run npm install instead, it should be harmless because npm will bail when it sees your .git directory.

FAQs

Package last updated on 11 May 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Feross on the 10 Minutes or Less Podcast: Nobody Reads the Code

Security News

Feross on the 10 Minutes or Less Podcast: Nobody Reads the Code

Socket CEO Feross Aboukhadijeh joins 10 Minutes or Less, a podcast by Ali Rohde, to discuss the recent surge in open source supply chain attacks.

By Sarah Gooding  -  Apr 14, 2026