I made a private repository
I can load this module locally from the project's root folder
package.json sets the
private: true to avoid accidentally publishing this package to the NPM registry.
I pushed the code to the remote origin
$ git push
Then I created a tag (same as version) and pushed it too
$ git tag 1.0.0
Great, I have 1 release in my private GitHub repository.
Using GitHub repository
I have created another private GitHub repository
bahmutov/private-module-example-user - this repo will install the code from the first repository without going to NPM.
The install command looks almost the same as "standard"
npm i <package [email protected]>. Only instead of the package name, I can specify GitHub username and repository name, instead of the version, I can specify a commit SHA or a tag. I prefer tags.
$ npm install -S bahmutov/private-module-example#1.0.0
package.json reflects the installed dependency
Great, but does it work? Let's open Node and load the dependency
It is working.
Continuous Integration setup
I will set up continuous integration (CI) server to run "tests" on CircleCI. Here is my
And my test script will just load the
private-module-example module. If the module has not been installed, the
npm test would crash and burn.
$ npm t
Ok, push code to CircleCI and ... see if fail
#!/bin/bash -eo pipefail
When Circle connects the new project to the GitHub repository it created an SSH key restricted to that repository. Thus the same key cannot be used to clone another private repository. We need to change this. Go to the project's
Settings / Checkout SSH keys and click the button twice.
Now the build should be able to access clone NPM package from the private repository into this project.
Now you can iterate on your first module, and when there are new features or fixes, increment
package.json version (I suggest using next-ver to compute the next version based on commit messages), tag the commit and push the code and tag to GitHub. Then you can point the user project at the new tag, and you are good to go. This avoids private NPM registry, but of course this adds complexity to the CI with the user checkout key. On NPM you would need to use
NPM_TOKEN to authenticate and install your own private modules (and of course pay for private scope).
I use same approach if I need to fix 3rd party NPM module, read Fixing the Internet one NPM package at a time