by archgrove 4077 days ago
We're already using "private" modules, by hosting them in a private git repo. NPM can install from these, e.g., git+ssh://user@server:Account/Repo.git, without problems. I'm not sure what value this would add for us, and the URL doesn't sell me well on it.

This is indeed a great way to shim, but in case any readers aren't aware of the limitations:

* NPM is unable to keep track of the version. This means no semver and that `npm install` re-installs the module every time.
* Git sub-modules do not work. This can sometimes be a deal breaker.
* This requires either your username password or private key to install. This gets especially messy if you are trying to do some type of CI build (e.g., build a docker container) and don't want your keys to leak into the build artifact.

I would say more correctly that NPM doesn't keep track of the version, not that it isn't able to. Many git tags are version numbers, NPM just doesn't parse them.
PHP's Composer does this properly, so it's surprising that NPM doesn't.
Not really. Nobody would need private modules if it did, and they need some monetization strategy.
I would say tying language's main package installer capability to monetary need of the company hurts how I will node/npm as a stable platform.

Imagine if RubyGem/PythonPackage/NuGet goes with this strategy.

We're glad private repos work for you :-) However, the overwhelming feedback from our users has been that git dependencies are a gigantic pain in the neck, and this has been our own personal experience as users of npm. Much like npm itself, we are doing something you could do without npm, it's just much easier with npm, and we hope that reduction in friction is valuable :-)
I take this to mean you won't be improving git dependencies then.
Is it modeled strictly per-user or is there any notion of an "organization" similar to Github? It's hard to imagine a business having to manage paying for a bunch of individual accounts so they can have access to the company's private repo.
Organization accounts are coming soon:

  Currently, private packages are only available for individual users, but support for organization accounts is coming soon. Feel free to create a user for your organization in the meantime, and we can upgrade it to an organization when support is here.
https://www.npmjs.com/private-modules#organizations
NPM Enterprise is a potential solution. You have to host it yourself, but it gives you namespaced modules and the option of selectively mirroring the public registry.
How does versioning work with this? Do you have to point directly at a branch/tag and get the latest or can you somehow use semver fuzzy versions with this? i.e. versions compatible with 1.4 -> '^1.4'
There is no versioning in this way, unfortunately. So yeah you have to point at a branch or tag.
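
An added example, not part of the thread and not npm's own code: a small audit of a `package.json` for the git-URL dependencies discussed above. It flags the ones that need an SSH key at install time, carry a credential in the URL, or point at no ref or a movable branch/tag. The function name, issue labels and sample manifest are assumptions made for illustration.

```javascript
// Added example: audit package.json for git-URL dependencies.
// Only full git URLs are covered; shorthand specs are ignored.
const GIT_SPEC = /^git(\+(ssh|https?|file))?:\/\//i;
const CRED_IN_URL = /^[a-z+]+:\/\/[^/@:]+:[^/@]+@/i; // scheme://user:secret@host
const FULL_SHA = /^[0-9a-f]{40}$/i;

function auditGitDeps(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!GIT_SPEC.test(spec)) continue; // registry dependency, nothing to flag
      const hashAt = spec.indexOf('#');
      const url = hashAt === -1 ? spec : spec.slice(0, hashAt);
      const ref = hashAt === -1 ? '' : spec.slice(hashAt + 1);
      const issues = [];
      // A secret in the manifest ends up in the repo and in every build layer.
      if (CRED_IN_URL.test(url)) issues.push('credential-in-url');
      // The CI job or image build must be handed a private key to install this.
      if (/^git\+ssh:\/\//i.test(url)) issues.push('needs-ssh-key');
      // No ref, or a branch/tag: the installed code can change between builds.
      if (!ref) issues.push('unpinned');
      else if (!FULL_SHA.test(ref)) issues.push('mutable-ref');
      findings.push({ name, field, issues });
    }
  }
  return findings;
}

// Constructed sample manifest (hosts, names and token are placeholders).
const samplePkg = {
  dependencies: {
    'left-pad': '^1.3.0',
    'internal-auth': 'git+ssh://user@server:Account/Repo.git',
    'internal-ui': 'git+https://ci:EXAMPLE_TOKEN@git.example.com/acme/ui.git#v1.4.0',
  },
  devDependencies: {
    'internal-lint':
      'git+ssh://git@git.example.com/acme/lint.git#0123456789abcdef0123456789abcdef01234567',
  },
};

console.log(JSON.stringify(auditGitDeps(samplePkg), null, 2));
```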