Make npm fetch latest package from Git repo

Question

My question is similar to this one.

A project has a dependency on a Git module which resides in a privately-hosted repository:

"dependencies": {
  "mymod": "git+https://mygitserver:8443/scm/od/mymod.git",
  ...
}

The intention is for this to be a snapshot dependency, so whenever any mymod code gets modified, the project pulls down the latest version.

The question is, what command should I properly use to update my project to the latest version of the module?

The only thing that I have found that works is:

rm -rf node_modules/mymod
npm install

Running npm install alone does nothing (given that it has been run once already), as noted by @Vishwanath in his question, because the module is already installed. npm upgrade is inappropriate, because I also have dependencies on a lot of other modules, and I do not want to upgrade them all to newer versions.

I guess I could explicitly version mymod and then update my local package.json with the new version whenever it changes, but that creates an ongoing maintenance task.

It seems like npm has enough information to determine when an upgrade is needed, because node_modules/mymod/package.json contains the last known head revision, which it could compare to the current head revision:

"gitHead": "b63f0df8ef...",
"_resolved": "git+https://mygitserver:8443/scm/od/mymod.git#b63f0df8ef..."

Does npm have a preferred way of handling snapshot dependencies like this?

Answer 1

UPDATE - 2021 - private package in development and production

In my new project I tried my best to write my code to fit both production and development with a minimum changes, working with my private package was one of the challenges.

I wanted to work locally on my package so all changes would be applied right away without the need to manually update my package every single time like the solution below, but on production I wanted it to install a specific version of the package from my git when I do npm install.

So what I did was to use 2 different dependencies, 1 for production and 1 for development

package.json:

"dependencies": {
  "package-name": "git+ssh://git@bitbucket.com:*git package/path*.git#1.0.0",
},
"devDependencies": {
  "package-name-dev": "file:*package path*"
}

Now, after having both of the packages, In development I need to use the dev package every time I'm calling the main package instead of doing lots of if(isDev){...} over all of my files.

I used the module-alias package that allows me to alias a module once, and it will be applied for the whole project.

at the top of app.js:

const isDev  = (process.env.NODE_ENV === 'development'),
      isProd = (process.env.NODE_ENV === 'production');

if (isDev) {
  const moduleAlias = require('module-alias');

  moduleAlias.addAlias('package-name', 'package-name-dev');
}

And that's it, now, when ever I const pack = require('package-name'), it will require the local package (dev) on development, and the main package on production.

Note - in the main package I used a tag (#1.0.0) at the end of my git URL, I use the same package over multiple of my projects, and I wanted to make sure that I control the version of my package per project, so I can manually test newest version on older projects and nothing will break.

---

ORIGINAL ANSWER - manually update packages

I couldn't find any better way to do this, I ended up adding a script in the package.json that manually install the package I need.

Add a script to the package.json that will update the needed package:

"scripts": {
   "update:packages": "npm install git+ssh://git@GIT_URL_HERE#master"
}

While this is the same as manually updating the package, as @chris said in comments of the other answer, this is a lot easier and can be used with:

npm run update:packages

NOTE - The #master tag at the end will install the master branch, not optimal but it allows you to install the last version of the package without manually changing the tag each time.

Update - if you need this for development and the package in the private repository is something you work on locally (like me), you can simply link the package to the project, all changes will be shown right away without the need of reinstalling it, more info on link:

cd /path/to/working/dir
npm link ../path/to/package/dir

Update 2 If you use Docker, npm link will not work inside the docker, this is because link is setting a soft link to your local npm folder. To avoid this you will need to set the soft link inside the docker.

Answer 2

You can manually update a package.

npm update mymod

This will update your package-lock.json with latest hash commit.

Answer 3

I tried updating the version number in package.json but it still not update the package. Seems like the only way is to delete the old package each time.

Answer 4

I changed my package.json file to sth like this which worked fine

"scripts": {
    .......
    "updateGit": "npm uninstall PACKAGE-NAME && npm install git+https://github.com/..../PACKAGE-NAME.git"
  },

then

npm run updateGit

Answer 5

You need to update the version in package.json in mymod to make npm install the updated code.