Reputation: 2681
My organization has a private repo on GitHub. Basically, a paid extension of Sheetjs which works as a dependency for our web app project.
The task is to create a private NPM package for it. Hopefully, it would make the build process of the application easier.
The "most common way" to execute a task like this is via payment of US$ 7 per user, per month to host it directly at https://www.npmjs.com/
We are not following the path. Especially because we want this for just 1 repo. Instead, we intend to host a private NPM package for free on GitHub.
Hence, I am following this tutorial from early-2020.
My situation is a bit different from the author's. He assumes someone is creating a new package. I am wrapping something that already exists and works. What I did:
1 - Created a branch on our private repo
2 - Got my GitHub token locally
3 - I have a .npmrc file at /Users/pedro (using macOS) indicating:
registry=https://registry.npmjs.org/
@my-organization-name:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=my-GitHub-token-which-will-not-be-shared-here-for-security-reasons
4 - Then, I manually changed the package.json file, inserting:
"publishConfig": {
  "registry": "https://npm.pkg.github.com/"
}
5 - After this, I submitted the PR with the above-mentioned changes. The PR is waiting for a review.
If it gets merged, then I will do locally:
npm publish
My doubts are:
(i) - Did I miss something? Is this the correct approach as of mid-2022?
(ii) - Manual editions to package.json are not recommended. But, in this case, it seems mandatory. What would be the alternative?
(iii) If npm publish works, then the tutorial says:
Any client properly authenticated into the Github Packages Registry can install the package by running:
npm install @energicos/baseapp
Pragmatically speaking, what exactly does that mean?
Think about my co-workers that belong to the same GitHub organization and who already have access to the private repository, can they simply execute npm install @my-organization/my-private-repo?
If no, what exactly do they need to do to become a "properly authenticated client on GitHub package registry"?
(iv) - What would be the best way to test if the manual edition on package.json has broken something?
Obs.: This NPM/node world is new for me. Sorry for the ignorance.
Upvotes: 3
Views: 5345
Reputation: 2681
Answering:
(i) - Yes, this is the correct approach.
(ii) - To change the package name you need to do a manual edition. But, it is possible to use commands such as npm ci and npm uninstall when removing the old package and installing the new one (obviously, after the package is already published).
(iii) - They do need a Personal Access Token and a .npmrc file including the right pointers
(iv) try a toy package and also use npm link before publishing stuff. See this tutorial on YouTube.
Upvotes: 1
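Added example (not part of the original question or answer): a shell check that a co-worker's .npmrc has the "right pointers" from point (iii), namely the scope-to-registry mapping and a credential line for npm.pkg.github.com, and that a literal token is not left readable by other users. The function name check_npmrc and the variable name NPM_TOKEN are assumptions made for this example; the sample file is constructed.

```shell
#!/bin/sh
# check_npmrc FILE SCOPE: returns 0 if FILE is a sound GitHub Packages setup for
# @SCOPE, 1 if a check fails, 2 if FILE cannot be read. (Hypothetical helper.)
check_npmrc() {
    file=$1; scope=$2; rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    # The scope must be routed to GitHub Packages; otherwise npm asks the
    # default registry for @SCOPE/... packages.
    if ! grep -Eq "^@${scope}:registry=https://npm\.pkg\.github\.com/?[[:space:]]*$" "$file"; then
        echo "FAIL: @${scope} is not mapped to https://npm.pkg.github.com/"; rc=1
    fi

    # The registry host needs a credential line.
    token=$(sed -n 's|^//npm\.pkg\.github\.com/:_authToken=||p' "$file" | head -n 1)
    case $token in
        '')
            echo "FAIL: no _authToken for //npm.pkg.github.com/"; rc=1 ;;
        '${'*'}')
            # npm expands ${VAR} from the environment, so no secret is on disk.
            echo "OK: token comes from the environment ($token)" ;;
        *)
            # Literal token: tolerate only in a file closed to group and others.
            perms=$(ls -lL "$file" | cut -c5-10)
            if [ "$perms" = "------" ]; then
                echo "WARN: literal token in $file (keep it out of version control)"
            else
                echo "FAIL: literal token in $file, readable beyond its owner"; rc=1
            fi ;;
    esac
    return $rc
}

# Constructed sample: the layout from the question, token taken from $NPM_TOKEN.
sample=$(mktemp)
printf '%s\n' 'registry=https://registry.npmjs.org/' \
    '@my-organization-name:registry=https://npm.pkg.github.com/' \
    '//npm.pkg.github.com/:_authToken=${NPM_TOKEN}' > "$sample"
check_npmrc "$sample" my-organization-name
rm -f "$sample"
```

The `${NPM_TOKEN}` form can live in a project-level .npmrc that is committed with the repository, while a literal token belongs only in the per-user file in the home directory.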