1

Is it possible to install NPM packages from a TFS 2017 Git repository?

I know there is a possibility to use Package Management from TFS but this is not an option for me.

I've already tried to install from HTTP and git+ssh but without success. Do I need to store credentials in my .npmrc file or directly in the URL?

Do you may have an example for me?

Hasan Haghniya
  • 2,347
  • 4
  • 19
  • 29
chris1302
  • 123
  • 12

1 Answers1

2

In TFS 2017 and later version including VSTS, we would suggest that you using Packaging to store your npm packages as opposed to installing from a GIT repo.

However, if you really want to use GIT you'll need to follow one of the protocol formats here. I recommend using SSH because it doesn't require knowledge of a token; however, if you do elect to use a token with HTTPS you will need to write some custom shell scripts to inject your token into your package.json so that you do not to check it in to your repo (bad).

Just refer to Keith Robertson [MSFT]'s solution in this thread: npm install build task cannot authenticate to git repo in vsts

STEPS for SSH:

  1. Ensure that the GIT repo which has the package you want to install has a package.json at the root.
  2. Generate public/private keys and install into using these instructions.
  3. Clone your repo using SSH. This will cause your client to accept the fingerprint expressed by the server. You must do this before 'npm install'
  4. Get SSH URI for cloning your repo and insert it into a dependencies section of your package.json like so...
    "dependencies": { "testproj": "git+ssh://account@vs-ssh.visualstudio.com:22/DefaultCollection/_git/yourProject" }

IMPORTANT: This will only work if you can execute "git clone ssh://account@vs-ssh.visualstudio.com:22/DefaultCollection/_git/yourProject". If you cannot clone your repo via SSH then NPM install via SSH will most certainly not work.

STEP for HTTPS:

  1. Ensure that the GIT repo which has the package you want to install has a package.json at the root.
  2. Generate a PAT
  3. Add a dependency section like what is shown below and write some shell code that substitutes ${PAT} with a secure environment variable.
    "dependencies": { "testproj": "git+https://${PAT}:x-oauth-basic@account.visualstudio.com/DefaultCollection/_git/project" }

Also reference below articles:

Andy Li-MSFT
  • 28,712
  • 2
  • 33
  • 55