Using private repos as npm package

5/16/2020

Introduction

You may want to use a private repo as an npm package in your project for many reasons. The repo may still be a work in progress, or you may not want to spend $7 per month on an npm Pro account. After reading this post you will be able to use an npm package that lives in a private repo. You can also share the private repo with your team members by adding their public SSH keys as deploy keys on GitHub.

SSH key generate

To generate the key, run the following ssh-keygen command, which creates a public and private SSH key pair. You will be asked for the file in which to save the key. Make sure you enter the absolute path; a relative path like "~/.ssh/test_rsa" gives the error "No such file or directory". Also make sure that the key name, here test_rsa, doesn't conflict with any existing key name, otherwise it will overwrite the existing key.

➜ ssh-keygen -t rsa -b 4096 -C "[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/geek/.ssh/id_rsa): /Users/geek/.ssh/test_rsa 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/geek/.ssh/test_rsa.
Your public key has been saved in /Users/geek/.ssh/test_rsa.pub.
The key fingerprint is:
SHA256:e5Pn2FjCp97vFNigYHnB6Lzu2GYFXjOnkhcyS9OZuPc [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|         o.      |
|        ....     |
|       o+o.o.    |
|       .XoO..+   |
|       oS@.*. o  |
|        Bo=.   . |
|       ..=*.+ .  |
|       o+. &E.   |
|      .+o.= +oo  |
+----[SHA256]-----+

You can just press Enter to skip adding a passphrase.

In ~/.ssh you will now have two new files, test_rsa and test_rsa.pub. The one with the .pub extension is the public key, while the other is the private key.

Adding key to private repository

You now need to add the public key as a deploy key of the private repo. You can get the public key by running cat ~/.ssh/test_rsa.pub in a terminal. You will get output similar to the following.

➜ cat ~/.ssh/test_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQeO04MX5dihd/VTxtEzdWd6UQL7uFVsvd0evH1z3pdZrF9NAh9ZwMsC1Y21lfcOvYy+
ez6Bc2BpCIHOH7VP7MgRMMoi0vrNo8ie9/hKVNagqXRZPbBFKqXdnFCtltBYEN342JfRR1zD5NDSVAraTL9r3udgPcfjwJ6kYfqa/zA8XF
+RjGOASDSHO2Q+L3sO6hXq3+gJTIuPtdW/FuHgoctKnG0yeErCb1gRJevS772SidtumL7T75m9O+PNMOioajGPmUwp1POgl6e157Ta0KF7
kgksDetJSoGCVSiTcxC4Kd0En3ASb7fByRq8OppwcaDjRCdxNKbuq+LgUYsYx7svGyh6leu6+CN79JOWFlgsGVT6qTpNfo/jYGcOGKsqrG
gsxqRNg4pOM1JkeFVpciNZJvd7W8nRX7UNz8Gdi5RaDYadruRej346jMbb08V/mEMGWGQ8est8hYSnrznrgP0huQlPgHje64iFEpUmR1JI
hJQAp7f9XDwj/TZ0Y6WWea8kVO0E5x6VD7pPVunpIGIiADoImql8+FVos8EZPFxf+6Ayl103b/LZqF54kin3l6qbhUPsmADcY2ITUgk8qh
bE70rggYl+63Xzerujss8dhlZdAVIXMGWW7KFKJzNr1td8AOVOeaW0YcBGJ6XmWGWcy191NLgzUUGr63ipockw== [email protected]

Copy the output of the command from the terminal. Go to the private repository, open "Settings" and then the "Deploy keys" section. Click "Add deploy key" and paste the key into the "Key" field. You can give the key an appropriate name in the "Title" field. I suggest using the name of the user, as it becomes easier to manage the keys when more people's keys are added.

Adding the private package as a dependency

In package.json, add the package under "dependencies" or "devDependencies". In my case I had to install a theme from my private repo. To add the package "gatsby-theme-zeus", I would add the following line to my package.json. Here "joeljacobdev" is the username or organisation that owns the private repository and "gatsby-theme-zeus" is the package name, which is also the repository name.

{
    "dependencies": {
        "gatsby-theme-zeus": "git+ssh://[email protected]:joeljacobdev/gatsby-theme-zeus.git"
    }
}

Adding scripts

If you only need local development, the steps so far are enough. But what if you need to deploy on a hosting provider? In my case I needed to deploy my site on Netlify. I need to add my SSH key before Netlify installs the packages, so I will use the "preinstall" script of package.json. I also need to clear my SSH key from the development environment after the package is pulled.

We will make use of a Netlify variable to add our private key.

The preinstall script is

#!/bin/bash
if [ "$GIT_SSH_KEY" != "" ]; then
  echo "Detected SSH key for git. Adding SSH config" >&1
  echo "" >&1

  # Ensure we have the ssh folder
  if [ ! -d ~/.ssh ]; then
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
  fi

  # Load the private key into a file.
  # Quote the variable so the shell does not word-split or glob it.
  echo "$GIT_SSH_KEY" | base64 --decode > ~/.ssh/deploy_key

  # Change the permissions on the file to
  # be read-write for this user.
  chmod 600 ~/.ssh/deploy_key

  # Setup the ssh config file (this overwrites any existing ~/.ssh/config).
  # Switch out the hostname for different hosts.
  # Note: UserKnownHostsFile=/dev/null and StrictHostKeyChecking no turn off
  # host key verification, so ssh does not check that the server it reaches
  # is really github.com.
  echo -e "Host github.com\n" \
          " IdentityFile ~/.ssh/deploy_key\n" \
          " IdentitiesOnly yes\n" \
          " UserKnownHostsFile=/dev/null\n" \
          " StrictHostKeyChecking no" \
          > ~/.ssh/config
fi

And the postinstall script is

#!/bin/bash
if [ "$GIT_SSH_KEY" != "" ]; then
  echo "Cleaning up SSH config" >&1
  echo "" >&1

  # Now that npm has finished running,
  # we shouldn't need the ssh key/config anymore.
  # Remove the files that we created.
  rm -f ~/.ssh/config
  rm -f ~/.ssh/deploy_key

  # Overwrite the variable. This only affects this script's own process;
  # the value stored in Netlify is unchanged.
  export GIT_SSH_KEY=0
fi

Finally add the preinstall and postinstall script in the scripts key of package.json.

{
    "scripts":{
        "preinstall": "bash setup-ssh.sh",
        "postinstall": "bash cleanup-ssh.sh"
    }
}

We have named the preinstall script setup-ssh.sh and the postinstall script cleanup-ssh.sh. Now we need to make the scripts executable by running chmod +x setup-ssh.sh cleanup-ssh.sh in the terminal, in the directory where the scripts are placed (here, my website's repo).

The preinstall script will run before the packages are installed. We are using GIT_SSH_KEY as the name of the Netlify variable under which we store the private key. Instead of pasting the private key directly, we first encode it with base64. Base64 is an encoding, not encryption, so the variable's value is as sensitive as the key file itself.

Run base64 -i ~/.ssh/test_rsa -o - to get the base64-encoded private key. Paste the base64-encoded string from the terminal into the value field of the GIT_SSH_KEY variable in Netlify.
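
A hardened variant of setup-ssh.sh, added here as an example and not part of the original post: it keeps host key verification on by pinning github.com's host key from a second build variable, and creates the key file with owner-only permissions from the start. GIT_SSH_KNOWN_HOSTS, deploy_known_hosts and the setup_deploy_ssh function are assumed names; the variable is expected to hold the github.com known_hosts line(s) copied from GitHub's published host keys.

```shell
#!/bin/bash
# Added example (not the post's script). Assumed names: GIT_SSH_KNOWN_HOSTS,
# deploy_known_hosts, setup_deploy_ssh.

setup_deploy_ssh() {
  # Optional argument: the ssh directory to write into (defaults to ~/.ssh).
  local ssh_dir="${1:-$HOME/.ssh}"

  # Local development: no key variable set, nothing to do.
  [ -n "${GIT_SSH_KEY:-}" ] || return 0

  # Fail the install rather than connect to an unverified host.
  if [ -z "${GIT_SSH_KNOWN_HOSTS:-}" ]; then
    echo "GIT_SSH_KNOWN_HOSTS is not set; refusing to skip host key checks" >&2
    return 1
  fi

  # umask 077 makes every file below owner-only at creation time, so the
  # private key is never readable by other users, not even briefly.
  # The subshell keeps the umask change local to this block.
  (
    umask 077 &&
    mkdir -p "$ssh_dir" &&
    chmod 700 "$ssh_dir" &&
    printf '%s' "$GIT_SSH_KEY" | base64 --decode > "$ssh_dir/deploy_key" &&
    printf '%s\n' "$GIT_SSH_KNOWN_HOSTS" > "$ssh_dir/deploy_known_hosts" &&
    cat > "$ssh_dir/config" <<EOF
Host github.com
  IdentityFile $ssh_dir/deploy_key
  IdentitiesOnly yes
  UserKnownHostsFile $ssh_dir/deploy_known_hosts
  StrictHostKeyChecking yes
EOF
  )
}

# Run as the preinstall step; a non-zero status aborts npm install.
setup_deploy_ssh
```

If you use this variant, also remove ~/.ssh/deploy_known_hosts in cleanup-ssh.sh.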

Now we are ready to use the private repo on Netlify to deploy our site.

You can allow more people to access the private repository by adding their public key in the Deploy keys section of the repository.

© 2025 Joel Jacob