Fail to access private GitHub Dependency

Help
1

Hi everyone,

I’m running into an issue when deploying my app on Vercel. Locally, everything works fine, but on Vercel, the deployment fails during npm install.

Here’s the error log:

npm ERR! code 128  
npm ERR! An unknown git error occurred  
npm ERR! command git --no-replace-objects ls-remote ssh://git@github.com/xxx/workflow-builder.git  
npm ERR! Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.  
npm ERR! git@github.com: Permission denied (publickey).  
npm ERR! fatal: Could not read from remote repository.  
npm ERR!  
npm ERR! Please make sure you have the correct access rights  
npm ERR! and the repository exists.  
npm ERR! A complete log of this run can be found in: /vercel/.npm/_logs/2025-01-21T03_16_04_372Z-debug-0.log

The issue seems to be related to a private library I have in the project (workflow-builder). It’s not published on the npm registry but is linked as a GitHub dependency in package.json. Locally, npm install works and downloads the library correctly. However, on Vercel, it fails, even though I’ve set up a .npmrc configuration file.

Here is my package.json declaration:
@xxx/workflow-builder”: “git+ssh://git@github.com/xxxx/workflow-builder.git#main”,

Here’s what I’ve tried so far:

  1. Confirmed that the .npmrc file is correctly configured with my GitHub token.
  2. Verified that the token has the correct permissions (read access to the repository).
  3. Tested the GitHub dependency locally, and it works as expected.

Despite this, the deployment on Vercel still fails. Has anyone encountered this specific issue with private GitHub dependencies on Vercel? Any tips on resolving it?

2

The package declaration may need to include the token. We have a guide that covers all the recommended options for private dependencies here:

Please give that a try and let me know if that gets it working for your project.

3

I visited this guide. However, suggestion doesnt work.
I am using a personal repository (not Github Enterprise).

Recommended solution in guide is to use this package declaration:
“package-name”: “git+https://:<github_token>@github.com//.git”

However, when I declare my package this way I get this error on my machine:

**npm** error code 128
**npm** error An unknown git error occurred
**npm** error command git --no-replace-objects ls-remote https://RafaelRViana:***@github.com/RafaelRViana/workflow-builder.git
**npm** error remote: Support for password authentication was removed on August 13, 2021.
**npm** error remote: Please see https://docs.github.com/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
**npm** error fatal: Authentication failed for 'https://github.com/RafaelRViana/workflow-builder.git/'
4

For a regular GitHub account, you would need to use a GitHub personal access token and the format "package-name": "git+https://<username>:<github_token>@github.com/<user>/<repo>.git"

If you use it with that format, do you still see the same error?

5

I noticed the issue now. I tested this format with Github PAT directly into the package.json and it worked.

However, if I try to get GITHUB_TOKEN from .env file it is throwing the error.

Example:
“package-name”: “git+https://:${GITHUB_TOKEN}@github.com//.git”

I will figure out now how to get it from .env file, since I dont think its a good practice to commit my Github Token.

Regards,

2 Likes
6

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.