Is there a way to install an npm package locally but not affect package.json or package-lock.json?

Question

I have a project that I'm working on for a client where I have two private packages (which I can't get access to npm install) are inside the package.json.

I do however have access to clone the repos for those said packages. If I simply run an npm install I'll get a permission denied error. Same if I run npm link to the packages.

I've been working around this by removing the packages from the package.json then running npm install ../some-package. This works but isn't a great solution because if I wanted to add a new package I'd have to deal with a bit of a mess with the package.json.

Is there a better way than this?

I have tried running npm link ../some-package but I still get access denied. The only way I've managed to complete an install is by removing the packages then installing them from a local dir.

Answer 1

I don't know the details of your situation, but I see at least two potential solutions to explore.

Option 1: Install the package from the repo

I do however have access to clone the repos for those said packages.

You can install from a git repo and package.json will record that git repo as the source of the package rather than the npm registry.

From the docs at https://docs.npmjs.com/cli/v8/commands/npm-install:

npm install :

Installs the package from the hosted git provider, cloning it with git. For a full git remote url, only that URL will be attempted.

Option 2: Install from the local file system with --no-save

If that approach doesn't work for you, you can try npm install --no-save ../some-package as a build step. The --no-save makes it so it doesn't modify package.json.