package.json. Here are two options on how to do that.
First one is to use a special GitHub system user with access to the repository and generate an access token for this user that can be used directly as basic authentication in the HTTPS call. To do that go to Settings > Developer settings on GitHub. There you can switch to Personal access tokens and click Generate new token. Once you define the scopes for the token you can use this token in
package.json as follows:
Note that this option requires you to commit the token but as long as it’s for a private repository and you created a special system user for this it does not have to be the end of the world.
The second option is to use good old SSH. In this case the URL to reference does not need any token:
For SSH option to work you obviously need to be sure you have as a user access to this particular repository and you have generated SSH key for yourself in Settings > SSH and GPG keys. Here is the GitHub guide on adding this key to the ssh-agent.
Even though the SSH option look like the obvious choice, there might be a case where the token works better. For instance it would work automatically on CI server and for all your users even from virtualized environments and you are not forcing anybody to set up SSH keys.
← IT'S OUT NOW
I wrote a complete guide on web application deployment. Ruby with Puma, Python with Gunicorn, NGINX, PostgreSQL, Redis, networking, processes, systemd, backups, and all your usual suspects.