How to use multiple nested private node modules?

Question

The following is my project structure

Base Application
  |
  |----Node Module 1 
  |       |
  |       |----Node Module 2
  |
  |----Node Module 2

All these are private repositories. I added the following in the base application's package.json

{
name: "Base Application",
  dependencies: {
  ..
  node-module1: "git+https://github.com/abc/node-module1.git",
  node-module2: "git+https://github.com/abc/node-module2.git",
  ..
  }
}

I cloned my repository using HTTPS version (https://github.com/abc/base-application.git) which prompts me for username and password. Once cloned, when I tried to do a npm install, I was getting the following error

npm ERR! Cloning into bare repository '/home/ubuntu/.npm/_git-remotes/git-https-github-com-abc-node-module1-git-3bd17fdf3s45ae0sdfadf68sdegk72e3'...
npm ERR! remote: Invalid username or password.
npm ERR! fatal: Authentication failed for 'https://github.com/abc/node-module1.git/'

After some digging, I modified my package.json to include version as suggested here.

{
name: "Base Application",
  dependencies: {
  ..
  node-module1: "git+https://github.com/abc/node-module1.git#v0.0.1",
  node-module2: "git+https://github.com/abc/node-module2.git#v0.0.1",
  ..
  }
}

This works. But the problem is I am been prompted for the username and password multiple times. This will also create the complexity of creating a version in the node-modules every time a minute change is made.

So how can I use private node modules as how we use public ones.

Try to clone with http and not https. https require username password so you will have to pass or store them for the clonning — CodeWizard, Jan 06 '16 at 07:49

score 2 · Accepted Answer · edited May 23 '17 at 10:28

Check if you identify yourself in package.json, as described in "How to use private Github repo as npm dependency"

https and oauth: create an access token that has "repo" scope and then use this syntax:

"package-name": "git+https://<github_token>:x-oauth-basic@github.com/<user>/<repo>.git"

That way, npm install should have access to those private repo without asking again for credentials.

score 1 · Answer 2 · answered Jan 06 '16 at 08:06

Instead of the version, you can also reference a specific branch such as master, so that you don't need to bump the version for every commit.

"node-module1": "git://github.com/abc/node-module1.git#master"

However, I'd recommend sticking with semantic versioning, and consider setting up your own private NPM repository such as https://github.com/rlidwka/sinopia. To test a module that's under development inside another module/app, you can use npm link, and then publish the versioned module when done, always bumping the major version whenever you make API-incompatible changes.

How to use multiple nested private node modules?

2 Answers2