Golo Roden Golo Roden - 4 months ago 30
Node.js Question

npm install from Git in a specific version

Assumed that I have written a module for Node.js which I would like to keep private. I know that I can (should) add the line:

"private": "true"


to the
package.json
file, and I also know that I can
npm install
this module using a file system path or a link to a git repository, including GitHub.

I also know that I can put such a file system path or a link to a git repo into
package.json
, so that the
dependencies
part may look somewhat like this:

"dependencies": {
"myprivatemodule": "git@github.com:..."
}


What I now want is not to link to the latest version, but to a specific one. The only possibility I know of is to link to a specific commit using its ID. But this is way less readable and worse maintainable than using a version number such as
0.3.1
.

So my question is: Is it possible to specify such a version number anyway and make npm search the git repository for the latest commit that includes this version?

If not, how do you resolve this issue in your projects? Do you live with commit IDs or is there a better solution to this?

Answer

A dependency has to be available from the registry to be installed just by specifying a version descriptor.

You can certainly create and use your own registry instead of registry.npmjs.org if your projects shouldn't be shared publicly.

But, if it's not in a registry, it'll have to be referenced by URL or Git URL. To specify a version with a Git URL, include an appropriate <commit-ish>, such as a tag, at the end as a URL fragment.

Example, for a tag named 0.3.1:

"dependencies": {
  "myprivatemodule": "git@github.com:...#0.3.1"
}

Note: The above snippet shows the base URL the same as it was posted in the question.

The snipped portion (...) should be filled in:

"myprivatemodule": "git@github.com:{owner}/{project}.git#0.3.1"

And, a different address format will be needed when SSH access isn't available:

"myprivatemodule": "git://github.com/{owner}/{project}.git#0.3.1"

Depending on your OS, you may also be able to link to the dependency in another folder where you have it cloned from Github.