DEV Community

Cover image for Installing unpublished npm modules from Git repos
Andreas Sommarström
Andreas Sommarström

Posted on • Originally published at

Installing unpublished npm modules from Git repos

Want to share and collaborate on internal npm modules from your Git repositories during development? Without having to:

  • Push changes to CI/CD systems to build and deploy packages to a registry
  • Store local copies of dependencies (checked out from Git) and manage symlinks for them
  • Manually point dependencies to a specific Git repository (and branch/commit) and maintain a development version of package.json for this

Setting up CI/CD for every feature branch just to be able to share internal packages in development is not ideal. And manual updates and coordination of versions and dependencies for each commit you want to test is not very ergonomic etiher.

Use an easier alternative, by connecting your Git repos to Bytesafe instead. Developers can install a module from Bytesafe, and the appropriate version will be packaged from the Git repository.

And by pulling both private and public npm dependencies from Bytesafe, teams can use one central source and benefit from Bytesafe plugins and policies (that can also be applied on modules sourced from Git repositories).

Git upstreams

Upstreams are linked registries that are used both as a source and destination for packages for your private registry.
When using a Git repository upstream, teams can access internal npm modules in a way that is completely transparent to developers. Without the need for developers to configure anything special, npm modules are easily accessible for your team members' project, with the tools they regularly use.

Example workflow

Using a Git repository as one of the upstreams for a registry. Changes pushed to Git are directly available to be fetched by other team members from Bytesafe(using their regular npm / yarn / pnpm tooling), together with public packages (sourced from

Versions, branches and tags

  • Branches and tags Bytesafe understands Git branches and tags, which makes it easy to install versions from feature branches or release tags
  • Latest The dist-tag @latest is mapped to the last commit in main (i.e "master" or "main") branch
  • Versions The version from package.json in the main branch can also be installed in addition to the versions that the above tags point to
# Installing a pkg from a Git upstream without specifying a version
# Installs the latest commit from the main branch
$ npm -r install 'your-module'
# To install and test your project with a new branch of a dependency, 
# specify the branch when adding the package
$ npm -r install 'your-module@feature-branch'
Enter fullscreen mode Exit fullscreen mode

Multiple modules in a Git repository
Bytesafe finds all modules in a Git repository and makes them available for install (very useful for monorepos).

Configuring Git upstreams

You can add Git repositories as upstreams to a Bytesafe registry in one of two ways:

  • Using a URL Any repository available over HTTPS and with a URL ending with .git. For private repos you can add a username/password for authentication.
  • Using the Github integration you can connect one or more Github accounts to Bytesafe. Allowing you to easily add repos (both public and private) by selecting them in a drop-down list.

Private and public
Both public and private Git repositories can be added as upstreams. The Github integration makes it easy to use private repos without needing to manage tokens.

TL;DR: Treat your Git repos like any registry

Don't compromise on usability just because the source is a Git repository. Include the Git repository into your Bytesafe workflow instead!

Interested? Head over to Bytesafe to try it for yourself.

Top comments (0)