427

Say I've forked a node module with a bugfix and I want to use my fixed version, on a feature branch of course, until the bugfix is merged and released.

How would I reference my fixed version in the dependencies of my package.json?

olore
  • 3,913
  • 3
  • 21
  • 37
hurrymaplelad
  • 23,777
  • 9
  • 50
  • 72

5 Answers5

599

From the npm docs:

git://github.com/<user>/<project>.git#<branch>

git://github.com/<user>/<project>.git#feature\/<branch>

As of NPM version 1.1.65, you can do this:

<user>/<project>#<branch>
Steve Bennett
  • 84,226
  • 27
  • 133
  • 175
hurrymaplelad
  • 23,777
  • 9
  • 50
  • 72
  • 134
    As of npm 1.1.65, Github URL can be more concise `user/project`. https://www.npmjs.org/doc/files/package.json.html You can attach the branch like `user/project#branch` – dantheta Oct 27 '14 at 02:51
  • 2
    `git://github.com//.git#feature/blah` worked but `/.git#feature/blah` didn't ... perhaps their regex needs to be more advanced to take `feature/blah` into account. This was npm `v1.4.28` – pulkitsinghal Jul 02 '15 at 17:13
  • 6
    How do you include version number? – Richard Aug 17 '16 at 14:07
  • 1
    @hurrymaplelad can I do the same for pull request? If so, how is the command? – roundrobin Apr 10 '18 at 14:53
  • 5
    Updated NPM docs link https://docs.npmjs.com/files/package.json#github-urls – kellen Sep 10 '18 at 15:29
  • @dantheta this is a bad practice... we don't know if Github will implode 4 years down the line, and Gitlab etc becomes the new default. – Ray Foss May 06 '21 at 22:05
144

per @dantheta's comment:

As of npm 1.1.65, Github URL can be more concise user/project. npmjs.org/doc/files/package.json.html You can attach the branch like user/project#branch

So

"babel-eslint": "babel/babel-eslint",

Or for tag v1.12.0 on jscs:

"jscs": "jscs-dev/node-jscs#v1.12.0",

Note, if you use npm --save, you'll get the longer git

From https://docs.npmjs.com/cli/v6/configuring-npm/package-json#git-urls-as-dependencies

Git URLs as Dependencies

Git urls are of the form:

git+ssh://git@github.com:npm/cli.git#v1.0.27 git+ssh://git@github.com:npm/cli#semver:^5.0 git+https://isaacs@github.com/npm/cli.git
git://github.com/npm/cli.git#v1.0.27

If #<commit-ish> is provided, it will be used to clone exactly that commit. If > the commit-ish has the format #semver:<semver>, <semver> can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither #<commit-ish> or #semver:<semver> is specified, then master is used.

GitHub URLs

As of version 1.1.65, you can refer to GitHub urls as just "foo": "user/foo-project". Just as with git URLs, a commit-ish suffix can be included. For example:

{
 "name": "foo",
 "version": "0.0.0",
 "dependencies": {
   "express": "expressjs/express",
   "mocha": "mochajs/mocha#4727d357ea",
   "module": "user/repo#feature\/branch"
 }
}```
Mat Lipe
  • 401
  • 3
  • 9
justingordon
  • 11,553
  • 9
  • 64
  • 111
  • 3
    Depending on a commit sha1 should be the preferred option, particularly if you depend on a repo that is not under your control. Git branches and tags are not immutable (can be deleted / changed, maliciously / by accident), while it's (nearly) impossible to create a sha1 collision. – jakub.g May 16 '16 at 19:24
  • 2
    can I have a branch AND a commit for commit-ish? – munchschair Jul 24 '17 at 15:22
49

If you want to use devel or feature branch, or you haven’t published a certain package to the NPM registry, or you can’t because it’s a private module, then you can point to a git:// URI instead of a version number in your package.json:

"dependencies": {
   "public": "git://github.com/user/repo.git#ref",
   "private": "git+ssh://git@github.com:user/repo.git#ref"
}

The #ref portion is optional, and it can be a branch (like master), tag (like 0.0.1) or a partial or full commit id.

Fizer Khan
  • 71,869
  • 26
  • 133
  • 149
27

On latest version of NPM you can just do:

npm install gitAuthor/gitRepo#tag

If the repo is a valid NPM package it will be auto-aliased in package.json as:

{ "NPMPackageName": "gitAuthor/gitRepo#tag" }

If you could add this to @justingordon 's answer there is no need for manual aliasing now !

vortex
  • 853
  • 8
  • 14
  • 4
    not, it's not. It installs incorrectly. Somehow it does not include whole directory structure from the repository, only some files like package.json, yarn.lock, readme and license. There is no src or dist folders. – StalkAlex Sep 29 '17 at 06:30
  • @StalkAlex https://docs.npmjs.com/cli/publish and then check the repo you are installing for the build scripts. Maybe they are tagged or the post-install does not work for you, it's an issue for that specific package anyway hope this helps ! – vortex Sep 29 '17 at 17:50
  • @vortex thanks, what do you mean exactly by tagging? How this makes such problem? – StalkAlex Sep 30 '17 at 18:23
0

If it helps anyone, I tried everything above (https w/token mode) - and still nothing was working. I got no errors, but nothing would be installed in node_modules or package_lock.json. If I changed the token or any letter in the repo name or user name, etc. - I'd get an error. So I knew I had the right token and repo name.

I finally realized it's because the name of the dependency I had in my package.json didn't match the name in the package.json of the repo I was trying to pull. Even npm install --verbose doesn't say there's any problem. It just seems to ignore the dependency w/o error.

MattS
  • 167
  • 1
  • 8