Vercel: Can't install npm dependency from git repository

Same here.
This would be great feature to have.
Is there a plan to support this?

cc @TooTallNate 😊

@doque @manico Can you paste an example deployment URL for me to take a look at? If it's private then hop on https://zeit.chat and DM me the URL. Thanks!

https://zeit.co/gravity-manic/chameleon-vuetify/dbjfhuacrk

Same issue here. Any plans to support private git dependencies?

I just ran into this issue, also linking in my package.json to a public repository on github.

I found a workaround though, delete package-lock.json and try now again.

Looks like you forgot to regenerate your package-lock.json after updating the dependency to point to git instead of the npm registry.

You should rm -rf node_modules package-lock.json && npm install to regenerate it, then commit and push those changes. Another option would be to delete the package-lock.json and then add it to .gitignore to prevent this from happening again. But that depends on your preferences, some people like locking down the entire dependency tree.

I use git's SSH syntax for some dependencies and it works perfectly on now.sh:

"my-dep": "[email protected]:me/my-dep.git"

@sholladay It's my understanding that commit and push are not changing anything because now is not relying on git at all. Am I wrong?

Otherwise, I double checked and I didn't forgot to regenerate package-lock.json, so that has to be something else!

You're correct that now doesn't directly rely upon commits or pushes, but it would matter if you are deploying in CI. Further, now pays attention to .gitignore. So if package-lock.json is not in your .gitignore, then this could be a problem.

If you are sure that you either ignore or regenerated package-lock.json, then you should be fine. Of course, it could have also been a fluke with the npm registry.

Can you all try it once more? We pushed some changes last night that are possibly related to this.

I'm experiencing the same issue - in my case I'm trying to deploy an application with a dependency to a private GitHub repo but I'm using an OAuth key to get access to it (https://stackoverflow.com/questions/28728665/how-to-use-private-github-repo-as-npm-dependency). Is that supported? I'm getting "Could not find "module-name" in the module registry!" while deploying (that is working if I run the project locally).

x-oauth-token should definitely work @alanrubin. Hop onto https://zeit.chat and DM me a deployment URL to take a look at if you would like.

I've been also struggling with getting private Github repo NPM dependencies to work nicely. Using the OAuth token works fine, but I don't want to include it in my package.json directly.

Ideally there would be a deployment lifecycle hook that runs just before npm install runs, so you could inject (grep/replace) the token into package.json before it is used. The injection could happen straight from an environment variable and stored secret.

I am using a workaround right now, which involves installing any private git dependencies through a separate postinstall script (from a second package.json that has been augmented with the token at runtime), but it would be great if there would be a better option.

I'm trying a different method right now (http://fiznool.com/blog/2015/05/20/an-alternative-to-npm-private-modules/), and it appears that git+ssh://[email protected] dependencies are not working - this isn't even a private repo, yet it fails:

npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://[email protected]/fabien/independent-juggler.git
npm ERR! 
npm ERR! fatal: cannot run ssh: No such file or directory
npm ERR! fatal: unable to fork
npm ERR! 
npm ERR! exited with error code: 128

@TooTallNate any thoughts on the above, perhaps? Thanks!

I can't migrate to Zeit from Heroku without this capability. The way we did it via Heroku was a Heroku specific prebuild script that set the environment variables in the gitconfig: "heroku-prebuild": "git config --global url.\"https://${GITLAB_TOKEN}@gitlab.com/\".insteadOf https://gitlab.com/". I'm not sure anything like this is possible in Zeit. We don't want our tokens stored in the package.json file either.

Thoughts?

Private GitHub / GitLab... repos are still not supported, only private repos through a private NPM org. (From a discussion I had on Slack with tim)

https://gist.github.com/Kovrinic/ea5e7123ab5c97d451804ea222ecd78a

@StephanHoyer what's this?

Its working for me there is one another problem when you install a new package you have to reinstall the private repos package this is a bug i guess

@sahilsharmafrank could you please clarify your approach, and how/if you succeed in the end?

Thank you so much for the effort you have put into this issue! 😊

However, since we completely re-worked the entire codebase of Now CLI and this issue does not apply to the new code anymore, I'm closing it now.

You can read more about our biggest release yet here: https://zeit.co/blog/now-2

@leo FYI this is still happening for us, deploying to now 2.0 with now cli version 12.1.1

we tried all the different ways you can reference a git repo in a package.json, works locally with yarn, but when deploying we get error Couldn't find the binary git

@jake I had the same issue when using a private git in devDependencies, just curious do you have the dotenv property in now.json set to true?

I'm not 100% sure but I think it's linked, just remove that property and deploy again ;-)

But if you're trying to use a private git repo in dependencies it won't work.

@leo FYI this is still happening for us, deploying to now 2.0 with now cli version 12.1.1

we tried all the different ways you can reference a git repo in a package.json, works locally with yarn, but when deploying we get error Couldn't find the binary git

@leo Same situation: Now 2.0 with now cli 12.1.2

They closed something like a hundred issues in the last couple of days, most with the same copy-pasted response. They're definitely not checking whether it _actually_ applies to v2 or not. It's sort of understandable to want to start over. But yeah, this definitely applies to v2. And it's frustrating to have everything closed en mass.

Now V2 supports git urls for dependencies, I just tested it.

It doesn't support the git binary yet, but that's a different issue: #1661
They replied there that they plan to add it soon. (https://github.com/zeit/now-cli/issues/1661#issuecomment-439176199)