Assume that I have written a module for Node.js which I would like to keep private. I know that I can (should) add the line:
"private": "true"
to the package.json file, and I also know that I can npm install this module using a file system path or a link to a git repository, including GitHub.
I also know that I can put such a file system path or a link to a git repo into package.json, so that the dependencies part may look somewhat like this:
"dependencies": {
"myprivatemodule": "git@github.com:..."
}
What I now want is not to link to the latest version, but to a specific one. The only possibility I know of is to link to a specific commit using its ID. But this is way less readable and less maintainable than using a version number such as 0.3.1.
So my question is: Is it possible to specify such a version number anyway and make npm search the git repository for the latest commit that includes this version?
If not, how do you resolve this issue in your projects? Do you live with commit IDs or is there a better solution to this?
5 solutions
#1
125
A dependency has to be available from the registry to be installed just by specifying a version descriptor.
You can certainly create and use your own registry instead of registry.npmjs.org if your projects shouldn't be shared publicly.
But, if it's not in a registry, it'll have to be referenced by URL or Git URL. To specify a version with a Git URL, include an appropriate <commit-ish>, such as a tag, at the end as a URL fragment.
Example, for a tag named 0.3.1:
"dependencies": {
"myprivatemodule": "git@github.com:...#0.3.1"
}
Note: The above snippet shows the base URL the same as it was posted in the question.
The snipped portion (...) should be filled in:
"myprivatemodule": "git@github.com:{owner}/{project}.git#0.3.1"
And, a different address format will be needed when SSH access isn't available:
"myprivatemodule": "git://github.com/{owner}/{project}.git#0.3.1"
Depending on your OS, you may also be able to link to the dependency in another folder where you have it cloned from Github.
#2
155
The accepted answer did not work for me. Here's what I'm doing to pull a package from github:
"dependencies": {
"package": "git://github.com/username/package.git#commit"
}
#3
53
If by version you mean a tag or a release, then github provides download links for those. For example, if I want to install fetch version 0.3.2 (it is not available on npm), then I add to my package.json under dependencies:
"fetch": "https://github.com/github/fetch/archive/v0.3.2.tar.gz",
The only disadvantage when compared with the commit hash approach is that a hash is guaranteed not to represent changed code, whereas a tag could be replaced. Thankfully this rarely happens.
Update:
These days the approach I use is the compact notation for a GitHub served dependency:
"dependencies": {
"package": "github:username/package#commit"
}
Where commit can be anything commitish, like a tag. In the case of GitHub you can even drop the initial github: since it's the default.
#4
4
My example comment to @qubyte above got chopped, so here's something that's easier to read...
The method @surjikal described above works for branch commits, but it didn't work for a tree commit I was trying to include.
The archive mode also works for commits. For example, fetch @ a2fbf83
npm:
npm install https://github.com/github/fetch/archive/a2fbf834773b8dc20eef83bb53d081863d3fc87f.tar.gz
yarn:
yarn add https://github.com/github/fetch/archive/a2fbf834773b8dc20eef83bb53d081863d3fc87f.tar.gz
format:
https://github.com/<owner>/<repo>/archive/<commit-id>.tar.gz
Here's the tree commit that required the /archive/ mode:
yarn add https://github.com/vuejs/vuex/archive/c3626f779b8ea902789dd1c4417cb7d7ef09b557.tar.gz
for the related vuex commit
#5
1
If you're doing this with more than one module and want to have more control over versions, you should look into having your own private npm registry.
This way you can npm publish your modules to your private npm registry and use package.json entries the same way you would for public modules.
https://docs.npmjs.com/files/package.json#dependencies
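Added example, not part of the original thread: answer #3 notes that a commit hash always names the same code while a tag can be replaced. The sketch below audits a `dependencies` map for the git and archive spec forms quoted in the answers and reports which entries are pinned to a full 40-character commit ID. The function names, the `SAMPLE` data and the issue wording are assumptions made for this illustration.

```javascript
// Added example (not from the thread): audit how firmly non-registry
// dependency specs pin the code they install.
const FULL_SHA = /^[0-9a-f]{40}$/i;
const ARCHIVE = /^https?:\/\/github\.com\/[^/]+\/[^/]+\/archive\/(.+?)\.(?:tar\.gz|tgz|zip)$/;
const GIT_URL = /^(?:git(?:\+(?:ssh|https?|file))?:\/\/|git@|github:)/;
const SHORTHAND = /^[a-z0-9][\w.-]*\/[\w.-]+(?:#.+)?$/i; // bare owner/repo[#ref]

function auditSpec(spec) {
  const archive = ARCHIVE.exec(spec);
  let kind, ref;
  if (archive) {
    kind = 'archive';
    ref = archive[1];
  } else if (GIT_URL.test(spec) || SHORTHAND.test(spec)) {
    kind = 'git';
    const i = spec.indexOf('#');
    ref = i === -1 ? null : spec.slice(i + 1);
  } else {
    return null; // registry range, dist-tag, local path or other URL: out of scope
  }
  const issues = [];
  if (spec.startsWith('git://')) issues.push('git:// transport is unauthenticated and unencrypted');
  if (ref === null) issues.push('no commit-ish: follows the default branch');
  else if (!FULL_SHA.test(ref)) issues.push('ref is not a full commit id: a tag or branch can be moved');
  return { kind, ref, pinnedToCommit: ref !== null && FULL_SHA.test(ref), issues };
}

// Returns one finding per git/archive dependency in a package.json "dependencies" map.
function auditDependencies(deps) {
  return Object.entries(deps)
    .map(([name, spec]) => ({ name, ...auditSpec(spec) }))
    .filter((f) => f.kind);
}

// Constructed sample using the spec forms quoted in the thread
// (owner/project, username/package and the all-'a' commit id are placeholders).
const SAMPLE = {
  myprivatemodule: 'git@github.com:owner/project.git#0.3.1',
  legacy: 'git://github.com/owner/project.git#' + 'a'.repeat(40),
  fetch: 'https://github.com/github/fetch/archive/v0.3.2.tar.gz',
  vuex: 'https://github.com/vuejs/vuex/archive/c3626f779b8ea902789dd1c4417cb7d7ef09b557.tar.gz',
  shorthand: 'github:username/package',
  somelib: '^1.2.3',
};
console.log(JSON.stringify(auditDependencies(SAMPLE), null, 2));
```

Run over a real package.json in CI, a non-empty `issues` list on any entry is a reasonable point to fail the build or require review.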