SSH links in package.json can backfire for people who have, or have not, set up additional security measures like 2FA or SSH.
"git+https://github.com/OWNER/REPO.git" - would fail when 2FA is set up, and would fail on token authorization.
"git@github.com:OWNER/REPO.git" - obviously fails when no SSH key is defined.
(It's recommended to have one.)
So we decided to use GitHub Package Registry, which allows you to easily publish public/private repos (currently GPR is in open beta). All instructions on how to publish/install a package are here.
But the latter link can be misleading. (Although it assumes that everyone in the organization has generated their own PAT, which might be a much better solution.)
When you set up your .npmrc with this config:
npm install will try to download every package's dependencies from your OWNER domain, even though those dependencies are public.
So you can use a config like this to avoid having public dependencies published in your domain.
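How a registry-wide setting and a scope-only setting in .npmrc change where each dependency is requested from, as an added example that is not from the original post. Both .npmrc bodies are constructed from npm's `registry` and `@scope:registry` keys with OWNER as the placeholder, the dependency list and `GITHUB_TOKEN` variable name are made up, and the resolver is a simplified model of npm's lookup, not npm's own code.

```javascript
// Added example: models which registry npm asks for a given package name.
// Both .npmrc bodies are constructed; OWNER is the placeholder used on the page.
const DEFAULT_REGISTRY = "https://registry.npmjs.org/";

// Registry-wide override: every package, public or not, is requested from OWNER.
const GLOBAL_NPMRC = `
registry=https://npm.pkg.github.com/OWNER
//npm.pkg.github.com/:_authToken=\${GITHUB_TOKEN}
`;

// Scope-only override: just @OWNER/* packages go to GitHub Package Registry.
const SCOPED_NPMRC = `
@OWNER:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=\${GITHUB_TOKEN}
`;

// Parse the key=value lines of an .npmrc, skipping blanks and comments.
function parseNpmrc(text) {
  const config = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    config[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return config;
}

// A scoped name uses "@scope:registry" when present; everything else
// falls back to "registry", then to the public default.
function registryFor(pkgName, config) {
  const scope = pkgName.startsWith("@") ? pkgName.split("/")[0] : null;
  const url = (scope && config[`${scope}:registry`]) || config.registry || DEFAULT_REGISTRY;
  return url.endsWith("/") ? url : url + "/";
}

// Map each dependency to the registry it would be requested from.
function resolveAll(deps, npmrcText) {
  const config = parseNpmrc(npmrcText);
  return Object.fromEntries(deps.map((d) => [d, registryFor(d, config)]));
}

const deps = ["@OWNER/private-lib", "lodash", "@babel/core"]; // constructed
console.log(resolveAll(deps, GLOBAL_NPMRC));
console.log(resolveAll(deps, SCOPED_NPMRC));
```

With the scope-only file, the token line is only relevant to requests for @OWNER packages, and public names never leave the default registry.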
Further references: Setting up fontawesome pro in your project