19

I know how to make an NPM dependency from a GitHub release :

"dependencies": {
  "package-name": "user/repo#v1.0.0"
}

That's nice, but I want to install a specific binary from this release.

I tried 

"dependencies": {
  "package-name": "https://github.com/user/repo/releases/download/v1.0.0/bin.tgz"
}

But I gives me the following error :

❯ npm install
npm ERR! fetch failed https://github.com/user/repo/releases/download/v1.0.0/bin.tgz
npm WARN retry will retry, error on last attempt: Error: fetch failed with status code 404

Binary release assets exist outside of GitHub and are using AWS S3.

The URL github.com/user/repo/releases/download/v1.0.0/bin.tgz is redirecting with a 302 status and a HTTP location header set to https://github-cloud.s3.amazonaws.com/releases/XXX/XXX...

If I try directly with the S3 URL I got a ENAMETOOLONG error (see NPM issue) :

> npm install https://github-cloud.s3.amazonaws.com/releases/XXX/XXX...
npm ERR! tarball.destroy is not a function
npm WARN retry will retry, error on last attempt: Error: ENAMETOOLONG: name too long, open '/var/folders/pn/......

Questions :

  • Why is NPM not following the redirect?
  • Why a 404?
  • Is there a way to link an NPM dependency to a GitHub release's binary tarball? How?

My context and needs :

  • I have a private GitHub repository
  • My package needs to be built before "deploying" (transpilation, etc.)
  • I want to "publish" a tarball of this build in my GitHub release and directly reference it to my NPM dependencies
  • I use a CI service to build, make the tarball and upload it next to the GitHub release
  • I would like to use GitHub release binary as a NPM repository

Related

Improve this question

3 Answers 3

Reset to default
2

I don't think npm provides a way to do this as per their documentation, they support using github's tarballs but not a specific binary attached to a release. https://docs.npmjs.com/cli/install The only way I see it would work is downloading the file and using the "tarball file" way described in the "npm install" docs.

I'm in the same boat and I think I'll end up using npm private repositories.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

The 404 is because you are a private repo and didn't include the authentication in the url.

Public repo:

"agentframework": "https://codeload.github.com/agentframework/agentframework/tar.gz/beta"

Private repo:

  1. Create a private access token https://github.com/settings/tokens
  2. Create your own http proxy to download the assert from release. https://developer.github.com/v3/repos/releases/#get-a-single-release-asset
  3. Add the http proxy url to your package.json

package.json

{
  "name": "test",
  "version": "1.0.0",
  "dependencies": {
    "agentframework": "https://codeload.github.com/agentframework/agentframework/tar.gz/beta"
  }
}

BTW: You can use yarn install which I used in my projects

Improve this answer

3 Comments

Can you explain in more detail how you set up the http proxy?
Same 404 happens with public repos
@FLekschas, Thank you for pointing out this issue. I just check the code and found the reason is because GitHub changed their domain for downloading the releases. I have updated the answer. please try the new domain codeload.github.com
-1

Github Releases are based on Git Tags.

"...Versions are based on Git tags."

https://help.github.com/articles/creating-releases/

To specify a version with a Git URL, include an appropriate , such as a tag, at the end as a URL fragment. Example, for a tag named 0.3.1:

"dependencies": {
  "myprivatemodule": "[email protected]:...#0.3.1"
}

The snipped portion (...) should be filled in:

"myprivatemodule": "[email protected]:{owner}/{project}.git#0.3.1"

And, a different address format will be needed when SSH access isn't available:

"myprivatemodule": "git://github.com/{owner}/{project}.git#0.3.1"

kindly taken from: npm install from Git in a specific version

Improve this answer

1 Comment

This works fine to have npm install from the codebase itself, but not to use binaries (e.g. a tarball containing build artifacts) uploaded to github releases

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.