Skip to content

fix: Preserve https protocol when working with git #8703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
oldium wants to merge 1 commit into
base: latest
Choose a base branch
from
Open

fix: Preserve https protocol when working with git #8703

oldium wants to merge 1 commit into from
+39 −38

Conversation

@oldium
Copy link

@oldium oldium commented Oct 27, 2025
edited
Loading

This prevents changing URLs from https and git+https into git+ssh, but keeps the fall-back to git+ssh when the protocol is not specified.

The change in pacote is necessary in order to have this fully working.

References

Supersedes #5256
Blocked by npm/pacote#434
Fixes #4305
Fixes #2610
@oldium oldium requested a review from a team as a code owner October 27, 2025 12:10
This was referenced Oct 27, 2025
Open
Open
@oldium oldium changed the title bugfix: Preserve https protocol when working with git Oct 27, 2025
@oldium
Copy link
Author

oldium commented Oct 27, 2025
edited
Loading

Hm. Tests work fine, but in reality, nothing changed (package-lock.json contains git+ssh link), possibly same as in #5256. Investigating...
@oldium
Copy link
Author

oldium commented Oct 27, 2025

It seems also https://github.com/npm/pacote needs the same fix
@oldium
Copy link
Author

oldium commented Oct 27, 2025

The pacote really needs fixing, after the fix the package-lock.json contains git+https link instead of git+ssh, but still the github:repo/project is recorded in dependencies, which is not equivalent (resolves to git+ssh). Almost there... 😁
@oldium oldium force-pushed the fix/git-https branch 2 times, most recently from 675a3c8 to a2ceccd Compare October 27, 2025 15:23
oldium added a commit to oldium/pacote that referenced this pull request Oct 27, 2025
@oldium
bugfix: do not switch to git+ssh for https repository links
a200ae9 
When the URL explicitly contains https, do not try to switch to ssh. This
change is necessary for [npm][3] to retain the protocol, please see the
link and the referenced issues [here][1] and [here][2] reporting problems
when using ssh instead of requested https.

[1]: npm/cli#2610
[2]: npm/cli#4305
[3]: npm/cli#8703

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
@oldium oldium mentioned this pull request Oct 27, 2025
Open
@oldium
Copy link
Author

oldium commented Oct 27, 2025
edited
Loading

Fixed, tested, should work now. The fix in pacote is necessary to have this really fully working.
@oldium oldium changed the title WIP bugfix: Preserve https protocol when working with git Oct 27, 2025
@oldium
Copy link
Author

oldium commented Oct 27, 2025
edited
Loading

If you want to try the patched npm by yourself, feel free to checkout the fix/git-https-full branch from my clone:

git clone -b fix/git-https-full --single-branch --depth=1 https://github.com/oldium/npm-cli.git
cd npm-cli
npm install
npm link

⚠️ Warning

Please note that npm link on Linux likely requires admin permissions unless you are using Node Version Manager (nvm) to have user installation only.

⚠️ Warning

The npm link will replace the global node_modules/npm directory by a link to the local npm-cli directory. Do not delete the npm-cli directory afterwards.

⚠️ Reverting

In order to revert, reinstall the Node.js runtime. This should replace the npm link too. On Windows the system-wide installation of Node.js (not a portable winget installation!) uses user-specific folder, so just delete C:\Users\<user>\AppData\Roaming\npm\node_modules\npm and the global npm from Program Files will be used.
@wraithgar wraithgar changed the title bugfix: Preserve https protocol when working with git Nov 13, 2025
oldium added a commit to oldium/pacote that referenced this pull request Nov 22, 2025
@oldium
bugfix: do not switch to git+ssh for https repository links
37f4bf5 
When the URL explicitly contains https, do not try to switch to ssh. This
change is necessary for [npm][3] to retain the protocol, please see the
link and the referenced issues [here][1] and [here][2] reporting problems
when using ssh instead of requested https.

[1]: npm/cli#2610
[2]: npm/cli#4305
[3]: npm/cli#8703

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
@oldium
bugfix: Preserve https protocol when working with git
3e95c27 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant

@oldium