- Home
- Skills
- Supercent Io
- Skills Template
- Npm Git Install
npm-git-install_skill
- Shell
24
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill supercent-io/skills-template --skill npm-git-install- SKILL.md8.6 KB
- SKILL.toon522 B
Overview
This skill shows how to install npm packages directly from GitHub repositories using git URLs. It covers HTTPS and SSH URLs, adding Git-based dependencies to package.json, private repo authentication, common failures, and maintenance tips. Use it to get unreleased versions, specific branches/tags, or private/forked packages that aren’t on the npm registry.
How this skill works
npm accepts git URLs in install commands or package.json and performs a git clone, checks out the requested ref (branch/tag/commit), installs the package dependencies, runs the package 'prepare' script if present, and links any CLI binaries. SSH uses your SSH keys for auth; HTTPS can use a Personal Access Token embedded in the URL or via ~/.npmrc. Global installs follow the same flow but copy artifacts to the global node_modules and link binaries to the global bin folder.
When to use it
- You need an unreleased package or a commit not published to the npm registry.
- You must install a specific branch, tag, or commit (e.g., testing a PR or main).
- Installing packages from private GitHub repositories inside an organization.
- Using a forked repository with custom fixes or features.
- Testing the latest code before a formal release or CI validation.
Best practices
- Pin to a tag or commit for production (avoid using #main in production).
- Prefer SSH for private repos; use PAT via environment variables when needed.
- Commit lockfiles (package-lock.json) for reproducible installs.
- Avoid hardcoding tokens; store them in ENV or ~/.npmrc with variables.
- Install and verify git is available before running npm git installs.
- Use --verbose to capture logs when troubleshooting prepare or build failures.
Example use cases
- Global CLI from a GitHub branch: npm install -g git+https://github.com/owner/repo.git#main
- Dependency in package.json: "pkg": "git+ssh://git@github.com:owner/repo.git#v1.0.0"
- Install private repo via PAT stored in GITHUB_TOKEN environment variable.
- Test latest commit during CI: npm install git+https://github.com/owner/repo.git#commit-sha
- Use a forked package for a bugfix: npm install github:your-username/repo#branch
FAQ
Prefer SSH keys; add your public key to GitHub and use git+ssh URLs. If using a PAT, store it in an environment variable and reference it in the HTTPS URL or ~/.npmrc to avoid exposing tokens.
Why did npm fail with 'prepare' script errors?
The package may require build tools or devDependencies. Ensure git cloned repo can run npm install and npm run prepare locally, and install missing tools (TypeScript, build toolchains) or check verbose logs.
Where are global packages installed when using git URLs?
Global installs go to your global node_modules path (npm root -g). Binaries are linked to the global bin (npm bin -g). Locations vary by platform and nvm usage.