Socket
Socket
Sign inDemoInstall

private-packages-on-github

Package Overview
Dependencies
0
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

    private-packages-on-github

Install NPM package hosted by private Github repo. Support both SSH and HTTPS Github connections.

Version published
Weekly downloads
1
decreased by-50%
Maintainers
1
Install size
3.55 kB
Created
Weekly downloads
 

Readme

Source

private-packages-on-github

Install NPM package hosted by private Github repo. Support both SSH and HTTPS Github connections.

Using private git repositories that requires authentication is often necessary when running npm install, but you don't want to put keys, tokens or passwords in your code, so instead you can use this module that allows you to define packages with environment variable names to inject your keys, passwords or tokens.

Also support dev-only dependencies with devPrivatePackagesOnGithub.

Inspired by https://github.com/porsager/env-install.

Usage

  1. Install via npm install -D private-packages-on-github
  2. Add a postinstall script with command install-private-packages-from-github
  3. Declare your dependencies containing environment variables in privatePackagesOnGithub
package.json example
"scripts": {
    "postinstall": "install-private-packages-from-github"
},
"dependencies": {
    "private-packages-on-github": "^1.0.0"
},
"privatePackagesOnGithub": {
    "some-secret-module": "github.com/you/private-repo"
},
"devPrivatePackagesOnGithub": {
    "some-dev-secret-module": "github.com/you/private-repo"
},

In the above example some-secret-module, depend on if we have provided ENV GITHUB_TOKEN,

  • If GITHUB_TOKEN is defined, packages will be installed as

    # export GITHUB_TOKEN=abcdefg123456
npm install https://abcdefg123456:x-oauth-basic@github.com/you/private-repo

  • If GITHUB_TOKEN is not defined, we will assume you have configured SSH access on the machine and install packages as

    npm install git+ssh://git@github.com/you/private-repo

To obtain GITHUB_TOKEN, check Github doc here

Deploy NPM Package

  1. Update version in package.json

  2. Publish NPM package

    npm adduser
npm publish --access public

Keywords

FAQs

Last updated on 23 May 2019

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

LDAPjs Open Source Project Decommissioned After Maintainer Receives Abusive Email

Security News

LDAPjs Open Source Project Decommissioned After Maintainer Receives Abusive Email

LDAPjs, an LDAP Client and Server API for Node.js, was decommissioned after its maintainer received an abusive email from a user, raising concerns about this form of abuse as a potential attack vector.

By Sarah Gooding  -  May 16, 2024
CISA Launches Vulnrichment Project as NVD Backlog Hits 10,000

Security News

CISA Launches Vulnrichment Project as NVD Backlog Hits 10,000

CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.

By Sarah Gooding  -  May 09, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc