How to use multiple nested private node modules?

Question

The following is my project structure

Base Application
  |
  |----Node Module 1 
  |       |
  |       |----Node Module 2
  |
  |----Node Module 2

All these are private repositories. I added the following in the base application's package.json

{
name: "Base Application",
  dependencies: {
  ..
  node-module1: "git+https://github.com/abc/node-module1.git",
  node-module2: "git+https://github.com/abc/node-module2.git",
  ..
  }
}

I cloned my repository using HTTPS version (https://github.com/abc/base-application.git) which prompts me for username and password. Once cloned, when I tried to do a npm install, I was getting the following error

npm ERR! Cloning into bare repository '/home/ubuntu/.npm/_git-remotes/git-https-github-com-abc-node-module1-git-3bd17fdf3s45ae0sdfadf68sdegk72e3'...
npm ERR! remote: Invalid username or password.
npm ERR! fatal: Authentication failed for 'https://github.com/abc/node-module1.git/'

After some digging, I modified my package.json to include version as suggested here.

{
name: "Base Application",
  dependencies: {
  ..
  node-module1: "git+https://github.com/abc/node-module1.git#v0.0.1",
  node-module2: "git+https://github.com/abc/node-module2.git#v0.0.1",
  ..
  }
}

This works. But the problem is I am been prompted for the username and password multiple times. This will also create the complexity of creating a version in the node-modules every time a minute change is made.

So how can I use private node modules as how we use public ones.

Answer 1

Check if you identify yourself in package.json, as described in "How to use private Github repo as npm dependency"

https and oauth: create an access token that has "repo" scope and then use this syntax:

"package-name": "git+https://<github_token>:[email protected]/<user>/<repo>.git"

That way, npm install should have access to those private repo without asking again for credentials.

Answer 2

Instead of the version, you can also reference a specific branch such as master, so that you don't need to bump the version for every commit.

"node-module1": "git://github.com/abc/node-module1.git#master"

However, I'd recommend sticking with semantic versioning, and consider setting up your own private NPM repository such as https://github.com/rlidwka/sinopia. To test a module that's under development inside another module/app, you can use npm link, and then publish the versioned module when done, always bumping the major version whenever you make API-incompatible changes.