-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No longer installable via NPM #1
Comments
You’re faced with one of two options:
1. Use “npm login” ... I sent an email about this a few months ago. After you login, a token file is created (see previous email), so that you don’t need to login again. This token file can be transferred to other machines. For example, my ElasticBeanstalk deployments go get a read-only NPM login token from S3.
2. Or, you do essentially the same thing, by referencing a git URI, and including SSH certificates on your computer (or in your deployments).
In other words, either way you have a token/certificate/file you need to manage. In light of this, I think it makes most sense to run everything through NPM (for consistency), as opposed to some direct NPM references and some GIT references.
…-B
Sent from my iPhone
On Oct 8, 2018, at 8:52 PM, Mike Ehrenberg ***@***.***> wrote:
Since @barchart/instruments-client-js went private
https://gist.github.com/mvberg/0d40b31bc643f3d7d115384cba42af33#file-npm4040-log-L1
preferable way to fix would be to use ***@***.***/..." paths (so we do not have to npm login)
@bryaningl3
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
i'm just going to override (or provide) your dependency via SSH in my app. not worth having my team of 5 devs (and growing!) now have to login in to NPM - just a another way to increase friction. thanks for the response. |
can you elaborate on why you disagree? are you saying that sharing a master password or "root account" via To my knowledge Barchart does not have a "npm organization" account ($7 per user, etc). Additionally, not sure what we are trying to solve (or prevent) with "private" client side packages .... inevitably the JS code is deployed to the world anyway. |
Will respond in separate email. Standby.
…-B
Sent from my iPhone
On Oct 9, 2018, at 6:01 PM, Mike Ehrenberg ***@***.***> wrote:
can you elaborate on why you disagree?
are you saying that sharing a master password or "root account" via npm login across all teams (including contractors, etc) is good practice? or are you suggesting that one should share a SSH key with other developers who need to install a simple client library?
To my knowledge Barchart does not have a "npm organization" account ($7 per user, etc).
Additionally, not sure what we are trying to solve (or prevent) with "private" client side packages .... inevitably the JS code is deployed to the world anyway.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Since
@barchart/instruments-client-js
went privatehttps://gist.github.com/mvberg/0d40b31bc643f3d7d115384cba42af33#file-npm4040-log-L1
preferable way to fix would be to use "git+ssh://git@github.com/..." paths (so we do not have to
npm login
)@bryaningl3
@facetrollex @nikitakonan
The text was updated successfully, but these errors were encountered: