
How to use NPM packages from private repositories on bitbucket


If you use Node.js, you want NPM packages for the reusable parts of the apps you create; that is common sense. Unfortunately, not everything makes sense as a public module. Right now we are using Bitbucket at work for private repositories, but there is a problem: how do we use them as NPM modules? We do not want to publish them to the public npmjs.org, but we still want to be able to install them easily.

After googling and experimenting I found a simple solution.
First, create a new user in your organization with an obscure password and give it read access to the repo. It is best to assign a really obscure password, but do not fool yourself: this is convenient, but you sacrifice a bit of security. You should always consider how important that is in your context.

In the example below, replace:
user - username
PASS - password of the user
organization - owner of the project (you can find it in the Bitbucket URL of your project)
project - your project name

"dependencies": {
    "private-lib": "git+https://user:PASS@bitbucket.org/organization/project.git#v1.0.0"
}


After that, a standard npm install should work fine.


Security:
You can argue that if someone has access to your package.json file then it is a no-brainer that they have access to the rest of the repository as well, so why am I talking about it being a security risk?
Mostly because of other people in the team... If anyone else in your company reuses that user for other projects/purposes, then one leaked project will mean all of them being public...
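
A check for the risk described above, as an added example that is not part of the original post: a small Node.js script that reports package.json dependency URLs carrying HTTP(S) credentials and prints them with the secret masked. The function names and the sample manifest are constructed for illustration.

```javascript
// Added example: flag credentials embedded in package.json dependency URLs.
// Function names and the sample manifest are constructed for illustration.
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

function inspectSpec(spec) {
  // npm accepts "git+https://..." specs; strip the "git+" prefix before parsing.
  const prefix = spec.startsWith('git+') ? 'git+' : '';
  let u;
  try {
    u = new URL(spec.slice(prefix.length));
  } catch {
    return null; // semver ranges, "org/repo" shorthands, scp-style git@host:path
  }
  // Only HTTP(S) userinfo carries a reusable secret; "git+ssh://git@host" relies on SSH keys.
  if (!/^https?:$/.test(u.protocol) || (!u.username && !u.password)) return null;
  // Mask the password, or the username when it is used alone (token-style URL).
  const userinfo = u.password ? `${u.username}:***` : '***';
  return {
    host: u.host,
    user: u.password ? u.username : null,
    hasPassword: Boolean(u.password),
    redacted: `${prefix}${u.protocol}//${userinfo}@${u.host}${u.pathname}${u.search}${u.hash}`,
  };
}

function findEmbeddedCredentials(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const hit = typeof spec === 'string' ? inspectSpec(spec) : null;
      if (hit) findings.push({ section, name, ...hit });
    }
  }
  return findings;
}

// Constructed sample manifest using the placeholder URL from the post.
const sampleManifest = JSON.parse(`{
  "dependencies": {
    "express": "^4.18.2",
    "private-lib": "git+https://user:PASS@bitbucket.org/organization/project.git#v1.0.0",
    "ssh-lib": "git+ssh://git@bitbucket.org/organization/other.git#v2.0.0"
  },
  "devDependencies": { "shorthand": "organization/tooling" }
}`);

for (const f of findEmbeddedCredentials(sampleManifest)) {
  console.log(`${f.section}.${f.name}: credentials for ${f.host} in URL -> ${f.redacted}`);
}
```

Run against a real manifest by passing the parsed package.json to findEmbeddedCredentials; a non-empty result is a reason to fail a CI job before the file is shared more widely.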
