Unablet to download npm dependency from a private GitHub repo

bmgandhi · May 5, 2026, 8:13pm

I have a React project, which has an npm dependency pointing to one of my private GitHub repositories. In the initialization stage, the npm install fails. I went through different articles posted online, including Netlify Forums. I tried with different approaches, but none of them worked.

SSH Approach

"my-private-pkg": "git+ssh://git@github.com:my-username/my-package#1.1.1"

Netlify’s Private/Public Key

First, I put the Public Key that I got from the Netlify Project Configuration in the Deploy keys section of my GitHub repo containing my package. But it didn’t work.

Custom Private/Public Key

Second, I created a new pair of Private/Public key. Pasted that Public key in my repo’s Deploy Keys section and set the private key (base64-encoded) in a secret variable of Netlify as SSH_KEY. Then added the code below to my setup_ssh.sh script and put that in preinstall command in package.json.

#!/usr/bin/env bash

mkdir -p ~/.ssh
echo "${SSH_KEY}" | base64 -d > ~/.ssh/id_rsa
chmod og-rwx ~/.ssh/id_rsa
ssh-keyscan -H github.com >> ~/.ssh/known_hosts

# package.json
"scripts: {
  "preinstall": "base setup_ssh.sh",
  ...
}

Error

4:05:43 AM: npm error command git --no-replace-objects ls-remote ssh://git@github.com/my-username/my-package.git
4:05:43 AM: npm error Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
4:05:43 AM: npm error git@github.com: Permission denied (publickey).
4:05:43 AM: npm error fatal: Could not read from remote repository.
4:05:43 AM: npm error
4:05:43 AM: npm error Please make sure you have the correct access rights
4:05:43 AM: npm error and the repository exists.

HTTPS Approach (with hardcoded PAT)

"my-private-pkg": "git+https://<github-token>:x-oauth-basic@github.com/my-username/my-package#1.1.1"

If I add my GitHub PAT as a hardcoded value in package.json, it works. But Netlify fails on the Build stage, flagging that I hardcoded a secret value.

HTTP Approach (with Netlify Secrets)

"my-private-pkg": "git+https://${GITHUB_TOKEN}:x-oauth-basic@github.com/my-username/my-package#1.1.1"

Upon moving that token to Netlify secrets as GITHUB_TOKEN, it doesn’t work. From the logs, it seems Netlify is unable to replace ${GITHUB_TOKEN} with the value from the secrets.

What am I doing wrong here? Thanks in advance!

Topic		Replies	Views
How to deal with npm dependencies from private repos? Support building , deployment	10	5886	November 6, 2023
Netlify can't install github private repo as npm depencency Support deployment	7	3983	February 17, 2022
Failed to install dependency from GitLab repo Support building , deployment	5	67	December 31, 2024
Netlify Deploy Token Needed for Private NPM Package Support deployment	18	4905	April 17, 2020
Using private GitHub packages with netlify Support building	4	4769	January 14, 2020