Install npm module from gitlab private repository
Git Problem Overview
We are using GitLab for our private project. There are some forked libraries from GitHub that we want to install as npm modules. Installing that module directly from npm is ok and for example this:
npm install git://github.com/FredyC/grunt-stylus-sprite.git
...works correctly too, but doing the same for GitLab, just changing domain gets me this error.
npm WARN `git config --get remote.origin.url` returned wrong result (git://git.domain.com/library/grunt-stylus-sprite.git)
npm ERR! git clone git://git.domain.com/library/grunt-stylus-sprite.git Cloning into bare repository 'D:\users\Fredy\AppData\Roaming\npm-cache\_git-remotes\git-git-domain-com-library-grunt-stylus-sprite-git-6f33bc59'...
npm ERR! git clone git://git.domain.com/library/grunt-stylus-sprite.git fatal:unable to connect to git.domain.com:
npm ERR! git clone git://git.domain.com/library/grunt-stylus-sprite.git git.domain.com[0: 77.93.195.214]: errno=No error
npm ERR! Error: Command failed: Cloning into bare repository 'D:\users\Fredy\App
Data\Roaming\npm-cache\_git-remotes\git-git-domain-com-library-grunt-stylus-spr
ite-git-6f33bc59'...
npm ERR! fatal: unable to connect to git.domain.com:
npm ERR! git.domain.com[0: xx.xx.xx.xx]: errno=No error
From the web interface of GitLab, I have this URL [email protected]:library/grunt-stylus-sprite.git. Running this against npm install, it tries to install git module from npm registry.
However using URL: [email protected]:library/grunt-stylus-sprite.git is suddenly asking me for the password. My SSH key doesn't include passphrase, so I assume it wasn't able to load that key. Maybe there is some configuration for that I have missed? Key is located at standard location in my home directory with the name "id_rsa".
I am on Windows 7 x64.
UPDATE
Since NPM v3 there is built-in support for GitLab and other sources (BitBucket, Gist), from where you can install packages. It works for public and private ones so it's not exactly related to this, but some might find it useful.
npm install gitlab:<gitlabname>/<gitlabrepo>[#<commit-ish>]
Check out documentation: https://docs.npmjs.com/cli/install
If you want to work with private repos in GitLab you are required to manage your credentials/auth-token in your .npmrc. See here: https://docs.gitlab.com/ee/user/packages/npm_registry/#authenticate-to-the-package-registry
Git Solutions
Solution 1 - Git
You have the following methods for connecting to a private gitlab repository
With SSH
git+ssh://gi[email protected]:Username/Repository#{branch|tag}
git+ssh://gi[email protected]/Username/Repository#{branch|tag}
With HTTPS
git+https://gi[email protected]/Username/Repository#{branch|tag}
With HTTPS and deploy token
git+https://<token-name>:<token>@gitlab.com/Username/Repository#{branch|tag}
Solution 2 - Git
Update
As @felix mentioned in comments (thanks @felix), using a deploy token is much more relevant for reading a private registry on GitLab. This way, if the token is compromised, an attacker can only read that repository and cannot make changes.
- Log in to your GitLab account.
- Go to the project you want to create Deploy Tokens for.
- Go to Settings > Repository.
- Click on Expand on Deploy Tokens section.
- Choose a name and optionally an expiry date for the token.
- Choose the desired scopes. <= select read_repository
- Click on Create deploy token.
- Save the deploy token somewhere safe. Once you leave or refresh the page, you won't be able to access it again.
Old answer
Go to User Settings > Access Tokens and create a new access token with read_registry permission.
Copy the generated token, we need it for our package.json file.
Now in package.json add the dependency as below:
"my-module": "git+https://Xaqron:[email protected]/Xaqron/my-module"
Replace Xaqron with your username and token with the generated token. You can specify branch and tag at the end of the url by #{branch|tag}.
Note: Since the access token is located in package.json, anyone who has access to this project can read the repository, so I assume your project is private itself.
Solution 3 - Git
Instead of git://, use git+ssh:// and npm should do the right thing.
Solution 4 - Git
Although the question is about Gitlab, this question is quite well ranked in Google search, so here is some more information about how to fix a similar issue I got with Github.
For me, only changing the url didn't make it work. Here are the steps I had to take to fix this:
git+ssh://[email protected]:owner/repo.git#master
- Create a deploy key and add it to the repo
- Edit git config (~/.ssh/config, create the file if it doesn't exist) to force the use of the DeployKey instead of the default ssh key
After that the npm install simply worked. All the other options and solutions resulted in the npm install breaking.
Solution 5 - Git
For me, setting the package.json as below works.
"dependencies": {
  "<module-name>": "git+http://<username>:<token>@url.git"
}
The token is obtained from your "Profile Settings - Access Token".
Solution 6 - Git
Just for anyone else who stumbles across this, I couldn't get it working over HTTPS at all - seems it doesn't support the direct link to the repo (e.g. https://git.domain.com/user/somerepo.git), nor does it support the .tar, .tar.bz or .zip archive versions.
It only seems to work with the .tar.gz archive.
Full example (with tagged version):
https://git.domain.com/user/somerepo/repository/archive.tar.gz?ref=v1.2.3
Solution 7 - Git
None of the other answers worked for me for a private gitlab.com repo...
This works however:
npm i -S git+ssh://[email protected]:<org>/<project>.git
It's just the git ssh clone url from the project page's "clone" input field with git+ssh:// added to the front of it.
Solution 8 - Git
As far as I can tell where you're going wrong is the git:// protocol. GitLab only supports HTTP(s) and SSH for clones. So you must use one of those methods instead of the git protocol.
Solution 9 - Git
Gitlab now has a package registry where it's possible to build, deploy and host npm packages. With private repositories, it's possible to provide fine-grain access control over the repository contents and the packages.
NPM Packages can be installed from private Gitlab repositories by adding a .npmrc file alongside package.json. More info here.
Although it gets complicated when using multiple deploy tokens for different repositories in the same codebase.
With Gitlab it's possible to access the package .tgz file directly with HTTPS and deploy token. Simply add the project dependency like this:
"@foo/bar": "https://<username>:<token>@gitlab.com/api/v4/projects/<project-id>/packages/npm/@foo/bar/-/@foo/bar-1.0.0.tgz"
@foo/bar is present twice in the URL. @foo is the project scope and bar is the module name and 1.0.0 is the module name. project-id (8-digit numeric) is the Gitlab project ID, which can be seen from the project page under the name. It's possible to even omit @foo from the module name (but not the link).
Using multiple modules with the same scope and different deploy tokens makes managing private repositories secure.
Also Deploy tokens may only have access to package registry, which means the end-user will not be able to access the complete source code from the repositories.
Solution 10 - Git
This solution only works with yarn, not npm, but...
If you need to install the dependency in an environment that has neither git nor ssh executables available (like inside docker), you can create a tarball link using repo access key with read API access and then reference it like this:
package.json
{
  "dependencies": {
    "your-lib-name": "https://gitlab.com/api/v4/projects/1234567/repository/archive?private_token=ABC_123asdfg&sha=abcdef0123456789abcdef0123456789abcdef01"
  }
}
Where:
- 1234567 is your Project ID, which can be seen on its gitlab Project overview page.
- ABC_123asdfg is the project Access Key with API Read permission that you created
- abcdef0123456789abcdef0123456789abcdef01 is the commit hash
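Added example (not from any of the answers above): a Node.js audit for the risk noted in Solution 2 and visible in the Solution 5 and Solution 10 URLs, flagging dependency specs that embed a password, carry a token in the query string, or use an unencrypted scheme, and producing a redacted copy that is safe to log. The manifest, host names and EXAMPLE_TOKEN values are constructed, and the parameter-name pattern is a heuristic assumption.

```javascript
// Constructed sample manifest: hosts, package names and tokens are placeholders.
const sampleManifest = {
  dependencies: {
    "lib-ssh": "git+ssh://git@gitlab.example.com/group/lib-ssh.git#v1.0.0",
    "lib-token": "git+https://deploy:EXAMPLE_TOKEN@gitlab.example.com/group/lib-token.git#main",
    "lib-http": "git+http://user:EXAMPLE_TOKEN@gitlab.example.com/group/lib-http.git",
    "lib-archive": "https://gitlab.example.com/api/v4/projects/0/repository/archive?private_token=EXAMPLE_TOKEN&sha=0000000",
    "left-pad": "^1.3.0",
  },
  devDependencies: { "lib-git": "git://gitlab.example.com/group/lib-git.git" },
};
// Heuristic (assumption): query parameter names that usually carry a secret.
const SECRET_PARAM = /token|secret|password/i;

// Inspect one dependency spec; returns its issues and a copy that is safe to log.
function auditSpec(spec) {
  let url;
  try {
    url = new URL(spec.replace(/^git\+/, ""));
  } catch {
    return { issues: [], redacted: spec }; // semver range or scp-style SSH spec
  }
  const issues = [];
  if (url.password) {
    issues.push("credential-in-url");
    url.password = "REDACTED";
  }
  for (const name of [...url.searchParams.keys()].filter((n) => SECRET_PARAM.test(n))) {
    issues.push("secret-in-query");
    url.searchParams.set(name, "REDACTED");
  }
  // http:// and git:// send the request, and any token in it, unencrypted.
  if (url.protocol === "http:" || url.protocol === "git:") issues.push("plaintext-transport");
  return { issues, redacted: (spec.startsWith("git+") ? "git+" : "") + url.href };
}

// Audit every dependency section of a parsed package.json object.
function auditManifest(manifest) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const { issues, redacted } = auditSpec(spec);
      if (issues.length) findings.push({ name, section, issues, redacted });
    }
  }
  return findings;
}

console.table(auditManifest(sampleManifest));
```

Run it in CI against the parsed package.json and fail the build on any finding; the SSH and registry-based specs pass because the secret stays in the SSH key or .npmrc rather than in the manifest.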