0

What is the difference between installing a npm package via https and ssh? My expectation is that the downloaded package would be the same but this is not the case. For example:

// package.json
"dependencies": {
    "lodash": "^4.17.19"
    // vs
    "lodash": "[email protected]:lodash/lodash.git#semver:^4.17.19"
}

When I use the first option, the actual npm package gets installed. When I install via the second option, I get only the files that are whitelisted from the repo but not the actual package itself.

I don't see a good explanation in the npm documentation. Why aren't these installing the same thing? Is there a way to install the actual package via ssh and not the commit itself?

Improve this question

1 Answer 1

Reset to default
1

Two ways of installing dependencies.

  1. From NPM repository itself (specify the version)
  2. From github (specify a branch OR commit and tag)

It is advisable to publish to the registry the minified/compiled version of the library than the source unless it is necessary. So, it is possible that what you get from the NPM is different than the source repository itself.

It is really question of the "place" (npm or github) than the method (http or ssh)

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This makes sense. So the git+ssh will obviously only pull from git then.
Yes - a related post stackoverflow.com/questions/23210437/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.