Install of private BitBucket NPM dependency suddenly started failing


I’m having trouble deploying a site with a private BitBucket repository dependency. I’m getting “Host key verification failed”. The odd thing is I’ve deployed multiple other sites many times with the exact same dependency without issue. I’ve tried generating a new app password and removing the git protocol from the URL (i.e. https://… instead of git+https://…) without luck. I’m using the following URL in my package.json

Here’s the exact error (link to full log):
11:31:20 AM: npm ERR! code 128
11:31:20 AM: npm ERR! command failed
11:31:20 AM: npm ERR! command git ls-remote ssh://
11:31:20 AM: npm ERR! Host key verification failed.
11:31:20 AM: npm ERR! fatal: Could not read from remote repository.
11:31:20 AM: npm ERR!
11:31:20 AM: npm ERR! Please make sure you have the correct access rights
11:31:20 AM: npm ERR! and the repository exists.
11:31:20 AM: npm ERR! A complete log of this run can be found in:
11:31:20 AM: npm ERR! /opt/buildhome/.npm/_logs/2020-12-14T10_31_20_260Z-debug.log

hi @EmilEriksen - that’s frustrating. Have you tried revoking the repository’s authentication with Netlify and then re-establishing it again?

Hi Perry,

Thanks for your reply! I tried “Link to a different repository” in Build Settings if that’s what you meant? Unfortunately, that didn’t work.

I just successfully deployed another site that has this in package.json

"dependencies": {
    "nybolig-spa": "git+https://EmilEriksen:<app-password><commit-hash>",

In comparison, the site I’m having issues with has this in package.json

"dependencies": {
    "nybolig-spa": "git+https://EmilEriksen:<app-password><commit-hash>",

This is driving me a little crazy - it’s the same thing (except for the commit hash). The one that successfully deployed is using Node 14 but I already tried that earlier.

Hi, @EmilEriksen. I don’t think the issue is the different commit hash but we can test to be sure.

Would you be willing to please change both dependencies entries to be identical - including the same commit hash? If it still doesn’t work, there is something else happening.

Accessing private Git repositories (for Git submodules) and accessing private npm packages differ slightly:

Would you please take a look at those two support guides to see if either of those are helpful?

Finally, if the private dependency still cannot be accessed, would you please share a link to a successful build of this same private dependency? I ask because comparing the working and non-working site often reveals the differences.

​Please let us know if there are questions for us and we look forward to your reply.

Hi Luke,

Thanks for your reply! I had some more time to look into the issue today and finally managed to resolve it :tada:

I was in a bit of a rush before so I wasn’t thorough enough when I tried Node 14 – I forgot to delete package-lock.json, node_modules and doing npm install after switching from 15 to 14. This is what finally resolved it today. Afterwards I switched back to Node 15 again following the same procedure and then it also started working with Node 15.

Of course, this doesn’t explain why it wasn’t working in the first place. My package.json is unchanged so it’s possible that something was messed up in package-lock.json and simply deleting the file and node_modules was what resolved it and it had nothing to do with the Node version. I think that’s most likely. Otherwise, it would almost have to be something with how npm 6 vs. npm 7 handles git dependencies and unknown hosts but I had a good look at your build image and I don’t see known_hosts or anything .ssh-related being preserved across builds so I don’t see how Node 14 could “fix it for” Node 15.

In summary, it didn’t work and I didn’t know why and now it works and I don’t know why. Regardless, thank you for taking the time @luke @perry!

Seems like it didn’t fully resolve itself anyway. After updating the dependency the problem started occurring again. I’ve opted to roll back to Node 14 for now.