'NPM install package from private repository using access token from environment

I want to install an npm package from a private repository from a specific branch. I know it's possible if you explicitly specify the token in the package path, but I don't want to keep any access tokens inside of package.json and so I was wondering if there's a way to do this:

"package-name": "git+https://<github_token>:[email protected]/<user>/<repo>.git"

with <github_token> not directly specified in the code, but for it to be read from the environment (either .npmrc or NPM_TOKEN env variable).

Is this possible?

gitnpmdevops


Solution 1:[1]

So I just figured that I can do replace in my pipeline before the installation step, like this:

sed -i "s/ssh:\/\/[email protected]/git+https:\/\/${NPM_TOKEN}:[email protected]/g" package.json \

in package.json I would have:

    "package-name": "ssh://[email protected]/<user>/<repo>",

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 comonadd

Related Questions

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

How can I 'git clone' from another machine?

VS Code / Bitbucket / SSH - Permission denied (publickey)

Differences between git pull origin master & git pull origin/master

git config: remote.<name>.fetch - is it possible to set up exceptions?

Git push hangs when pushing to Github?

How to clone git repository with specific revision/changeset?

Remove a file from the list that will be committed

Unable to create '/git/index.lock': File exists - but it doesn't

VSTS: How to get all linked work items since last successful release to production?

Versioning of debian packaging Information

How to generate ssh keys (for github)

How do I commit case-sensitive only filename changes in Git?