NPM install/dependency from a GitHub Release Binary

Question

I know how to make an NPM dependency from a GitHub release :

"dependencies": {
  "package-name": "user/repo#v1.0.0"
}

That's nice, but I want to install a specific binary from this release.

I tried

"dependencies": {
  "package-name": "https://github.com/user/repo/releases/download/v1.0.0/bin.tgz"
}

But I gives me the following error :

❯ npm install
npm ERR! fetch failed https://github.com/user/repo/releases/download/v1.0.0/bin.tgz
npm WARN retry will retry, error on last attempt: Error: fetch failed with status code 404

Binary release assets exist outside of GitHub and are using AWS S3.

The URL github.com/user/repo/releases/download/v1.0.0/bin.tgz is redirecting with a 302 status and a HTTP location header set to https://github-cloud.s3.amazonaws.com/releases/XXX/XXX...

If I try directly with the S3 URL I got a ENAMETOOLONG error (see NPM issue) :

> npm install https://github-cloud.s3.amazonaws.com/releases/XXX/XXX...
npm ERR! tarball.destroy is not a function
npm WARN retry will retry, error on last attempt: Error: ENAMETOOLONG: name too long, open '/var/folders/pn/......

Questions :

• Why is NPM not following the redirect?
• Why a 404?
• Is there a way to link an NPM dependency to a GitHub release's binary tarball? How?

---

My context and needs :

• I have a private GitHub repository
• My package needs to be built before "deploying" (transpilation, etc.)
• I want to "publish" a tarball of this build in my GitHub release and directly reference it to my NPM dependencies
• I use a CI service to build, make the tarball and upload it next to the GitHub release
• I would like to use GitHub release binary as a NPM repository

Related

• SO question: How to install an npm package from GitHub directly?
• NPM issue: https://github.com/npm/npm/issues/3055

Answer 1

I don't think npm provides a way to do this as per their documentation, they support using github's tarballs but not a specific binary attached to a release. https://docs.npmjs.com/cli/install The only way I see it would work is downloading the file and using the "tarball file" way described in the "npm install" docs.

I'm in the same boat and I think I'll end up using npm private repositories.

Answer 2

The 404 is because you are a private repo and didn't include the authentication in the url.

Public repo:

"agentframework": "https://codeload.github.com/agentframework/agentframework/tar.gz/beta"

Private repo:

1. Create a private access token https://github.com/settings/tokens
2. Create your own http proxy to download the assert from release. https://developer.github.com/v3/repos/releases/#get-a-single-release-asset
3. Add the http proxy url to your package.json

package.json

{
  "name": "test",
  "version": "1.0.0",
  "dependencies": {
    "agentframework": "https://codeload.github.com/agentframework/agentframework/tar.gz/beta"
  }
}

BTW: You can use yarn install which I used in my projects

Answer 3

Github Releases are based on Git Tags.

"...Versions are based on Git tags."

https://help.github.com/articles/creating-releases/

To specify a version with a Git URL, include an appropriate , such as a tag, at the end as a URL fragment. Example, for a tag named 0.3.1:

"dependencies": {
  "myprivatemodule": "git@github.com:...#0.3.1"
}

The snipped portion (...) should be filled in:

"myprivatemodule": "git@github.com:{owner}/{project}.git#0.3.1"

And, a different address format will be needed when SSH access isn't available:

"myprivatemodule": "git://github.com/{owner}/{project}.git#0.3.1"

kindly taken from: npm install from Git in a specific version