Installing npm dependency from public GitHub repository fails

In one of my projects I use simple-caldav which contains the following line in its package.json:

dependencies: {
  "ical.js": "github:TimDaub/ical.js#feat/detect-module-mode-build",
  ...
}

It points to a branch here. I’ve submitted a PR to the upstream repo, but it seems they’re not having much time for maintenance.

Anyways, my GH action in the project that has simple-caldav as a dependency looks like this

# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions

name: Node.js CI

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  build:

    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [10.x, 12.x, 14.x]

    steps:
    - uses: actions/checkout@v2
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v1
      with:
        node-version: ${{ matrix.node-version }}
    - run: npm ci
    - run: npm test

However, when it runs npm ci, it fails like this

npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@github.com/TimDaub/ical.js.git
npm ERR! 
npm ERR! Warning: Permanently added the RSA host key for IP address '140.82.113.4' to the list of known hosts.
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR! 
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR! 
npm ERR! exited with error code: 128

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 59
  • Comments: 28

Top GitHub Comments

81 reactions
Xunnamius commented, Mar 31, 2021

I fixed this in my workflows by adding an extra step after the actions/checkout@v2 (with persist-credentials: false) step:

      - name: Checkout
        uses: actions/checkout@v2
        with:
          persist-credentials: false

      - name: Reconfigure git to use HTTP authentication
        run: >
          git config --global url."https://github.com/".insteadOf
          ssh://git@github.com/

Changing from SSH to HTTP makes everything work across all workflows using npm ci (which has several benefits over npm install). If you need to authenticate, use a PAT instead of SSH:

git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf ssh://git@github.com/

35 reactions
TimDaub commented, Dec 11, 2020

What ended up fixing it for me is adding the unknown host in my ssh config before npm ci:

...
- run: mkdir -p $HOME/.ssh/ && echo "140.82.113.4" >> $HOME/.ssh/known_hosts
- run: npm ci
...

It’s far from perfect, but works well as a workaround for now. Additionally, disabling ssh’s key checking via config may be an option too. I prefer to go with this more narrow solution.

Edit: Turns out this won’t work all the time, as the IPs that the package is requested from change:

  • 140.82.113.*
  • 140.82.112.*
  • 140.82.114.*

I’ve tested adding ranges and ssh-keyscan, but so far I wasn’t successful.

Edit2:

I think I finally ended up solving it for good. This is what you’ll have to do:

  1. Backup your current RSA keypair at ~/.ssh
  2. Generate a new RSA keypair on your system: ssh-keygen -t rsa -C "your_email@example.com". Ideally, don’t overwrite your existing keypair at ~/.ssh; enter a custom path instead.
  3. Take the contents of the generated *.pub key and add it to your SSH keys in your GitHub account settings
  4. In your repo that has the action, navigate to Settings > Secrets and add SSH_PRIVATE_KEY with the contents of the private key file that was generated
  5. Then in your repo’s workflow file, add the following before - run: npm ci
...
- uses: webfactory/ssh-agent@v0.4.1
  with:
    ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- run: npm ci
...

For more details, check https://github.com/webfactory/ssh-agent
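
An added example, not part of the original issue or its comments: a small Node.js check that flags git-sourced dependencies which track a mutable ref in package.json or resolve over SSH in the lockfile, the two conditions behind the `git ls-remote ... ssh://git@github.com/...` failure above. The manifest and lockfile data are constructed, the function names `classifyGitSpec` and `audit` are hypothetical, and the commit id is a placeholder.

```javascript
// Added example. MANIFEST_DEPS and LOCK_PACKAGES are constructed sample data
// modelled on the issue; PLACEHOLDER_SHA is not a real commit.
const PLACEHOLDER_SHA = "0123abcd".repeat(5); // 40 hex characters
const MANIFEST_DEPS = {
  "ical.js": "github:TimDaub/ical.js#feat/detect-module-mode-build",
  "left-pad": "^1.3.0",
};
const LOCK_PACKAGES = {
  "node_modules/ical.js": {
    resolved: `git+ssh://git@github.com/TimDaub/ical.js.git#${PLACEHOLDER_SHA}`,
  },
  "node_modules/left-pad": {
    resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
  },
};

const TRANSPORTS = {
  "github:": "shorthand",
  "git+ssh://": "ssh",
  "git+https://": "https",
  "git://": "git",
};

// Returns null for semver ranges and registry tarballs, otherwise the
// transport, the ref after '#', and whether that ref is a full commit id.
function classifyGitSpec(spec) {
  const m = /^(github:|git\+ssh:\/\/|git\+https:\/\/|git:\/\/)([^#]+)(?:#(.*))?$/.exec(spec);
  if (!m) return null;
  const ref = m[3] || "";
  return { transport: TRANSPORTS[m[1]], ref, pinned: /^[0-9a-f]{40}$/.test(ref) };
}

function audit(manifestDeps, lockPackages) {
  const findings = [];
  for (const [name, spec] of Object.entries(manifestDeps)) {
    const info = classifyGitSpec(spec);
    if (info && !info.pinned) {
      findings.push(`${name}: package.json tracks mutable ref "${info.ref || "default branch"}"`);
    }
  }
  for (const [path, meta] of Object.entries(lockPackages)) {
    const info = classifyGitSpec(meta.resolved || "");
    if (info && info.transport === "ssh") {
      findings.push(`${path}: lockfile resolves over SSH; npm ci needs a key or an insteadOf rewrite`);
    }
  }
  return findings;
}

for (const line of audit(MANIFEST_DEPS, LOCK_PACKAGES)) console.log(line);
```

Run against a real project by loading `package.json` dependencies and the `packages` map of `package-lock.json` in place of the two constants.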
