How to use private NPM packages with cloud functions?

Question

I'm trying to switch an application to Firebase and transfer the backend to Firebase Cloud Functions.

This application is using a private package (@org/name) as a dependency.

I've tried different solution, but none seems to work:

• Pass a NPM_TOKEN env: not possible since Firebase limits to lowercased configuration
• npm install the module in the functions directory
• Create a .npmrc file in the functions directory with both YARN and NPM auth token

It always rejects the deployment with:

Deploy Error: Build failed: Module @org/name not found in npm registry

Are private packages supported on Firebase ?

Answer 1

If you are trying to deploy you functions with firebase deploy from a CI and your .npmrc file looks like this.

@acmecorp:registry=https://npm.pkg.github.com/

//npm.pkg.github.com/:_authToken=${NPM_REGISTRY_TOKEN}

You will run into the problem even if you have the env var set.

Build failed: Error: Failed to replace env in config: ${NPM_REGISTRY_TOKEN}

Firebase for some reason needs access to that private repo. But the env var is not sent over to firebase.

Solution I've implemented was to replace ${NPM_REGISTRY_TOKEN} in the .npmrc file on every run of the CI pipeline.

sed -i.bak "s/\${NPM_REGISTRY_TOKEN}/${NPM_REGISTRY_TOKEN}/g" .npmrc

Answer 2

Contrary to answers here, as far as I understand, GCF does NOT support private registries, such as Github package registry.

It says so in official docs: Note: Registries other than npm, such as GitHub packages, are not supported in Cloud Functions.

Currently, I'm trying to figure out 'npm pack' approach, but (and I'm using Serverless.com) deploy doesn't work still. But that's other question, I guess.

Answer 3

Create .npmrc file and add something like this -

registry=https://xxx.xxx.com
_authToken="MXfyoClMIzrXu7lnOhDuXXXxXXXXXxxxXXXXXxxx="

Note: for _authToken enter command cat ~/.npmrc where you find _authToken.

Registry URL could be npm public or your own private registry in gcloud VM Instance or AWS. Like I have my private npm registry in gcloud Virtual Machine using Verdaccio https://verdaccio.org/

This solution is valid as during gcloud function deploy gcloud search for dependency mention in package.json in public npm. So to specify some private npm registry or your own created or someone else managed registry node packages registry use this.

Answer 4

Firebase now supports private npm modules with a .npmrc file. Check out this link.

Answer 5

Google Cloud Functions now supports private NPM packages.

In order to use a private npm module, you have to provide credentials (auth token) for the npm registry in a .npmrc file located in the function's directory. You can simply copy the .npmrc file that was created in your home directory when you logged into npm using the npm login command.

Do not include the .npmrc file if you're not using private repositories, as it may increase the deployment time for your functions.

Source: https://cloud.google.com/functions/docs/writing/dependencies#using_private_modules

Answer 6

With reference to Google issue tracker,This has been fixed. for more information you can check the documentation at Google Cloud Platform.

Using private modules

In order to use a private npm module, you have to provide credentials (auth token) for the npm registry in a .npmrc file located in the function's directory. You can simply copy the .npmrc file that was created in your home directory when you logged into npm using the npm login command.

Do not include the .npmrc file if you're not using private repositories, as it may increase the deployment time for your functions.

If any issue persists, please report at Google issue tracker they will re-open to examine.

Answer 7

There is no convenient way of doing it currently.

It seems to me that GCF don't use npm client to fetch from npm registry and instead fetch it directly. This prevents from using the standard .npmrc file or any other method npm client knows.

You have to pack and install your package locally and commit it to source code:

$ npm pack @org/name
$ npm install --save tarball-output.tgz

This will add the local tarball to your package.json and Google Cloud Functions will know to use it.

I really wish they would read .npmrc from the project root path or alternatively, we could pass them a TOKEN as env variable.

There's an open issue about it: https://issuetracker.google.com/issues/36665861

Answer 8

I was having the same issue as well, but then I realized I had forgot to add the dependency to the package.json file which should be in the same directory as your index.js