package fails for private npm modules

[jars]

Packaging with:

node-lambda package ...

will fail when package.json contains modules that are private on npm. I found a solution was to make a .npmrc file, put the following contents in it, and .gitignore it.

//registry.npmjs.org/:_authToken=00000000-0000-0000-0000-000000000000

However, as suggested on the npm docs, they recommend exporting an environment variable instead from your ~/.profile, or ~/.bashrc...

export NPM_TOKEN="00000000-0000-0000-0000-000000000000"

Then, use a NPM_TOKEN environment variable inside the .npmrc:

//registry.npmjs.org/:_authToken=${NPM_TOKEN}

How does one pass the NPM_TOKEN environment variable into the node-lambda package container so that it can be available when it executes npm install --production?

[jars]

I would add to this that node-lambda package also fails when .npmrc is part of the excludeGlobs, although it shouldn't. I have no reason for needing my .npmrc as part of my package to upload to AWS Lambda, but including it in the excludeGlobs prevents the Docker container from seeing it at all.

[nate-anderson-ltk]

Hi all, revitalizing this issue because it is still not clear how to install private packages with node-lambda six years later - hopefully @jars figured out a workaround, but as of version 1.3.0, node-lambda package does not provide a way to install private packages, and fails with no error message and a stack dump from Node internals:

=> Moving files to temporary directory
=> Running npm install --production
node:child_process:397
      ex = new Error('Command failed: ' + cmd + '\n' + stderr);
           ^

Error: Command failed: npm -s install --production --no-audit --prefix /tmp/archive-source-lambda

    at ChildProcess.exithandler (node:child_process:397:12)
    at ChildProcess.emit (node:events:390:28)
    at ChildProcess.emit (node:domain:475:12)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
    at Process.callbackTrampoline (node:internal/async_hooks:130:17) {
  killed: false,
  code: 1,
  signal: null,
  cmd: 'npm -s install --production --no-audit --prefix /tmp/archive-source-lambda'

I am using yarn 1.22.4 on node v16.20.2 on an M1 Mac (same issue appears in Github Actions runner). I have added an .npmrc file to the project that looks like this:

@MY_ORG:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}

And my CI process passes GITHUB_TOKEN to the build step so it should be populated here. Note that running yarn install in CI works perfectly fine - it doesn't appear to be yarn or npm that has trouble authenticating to Github packages, it's only when using node-lambda. It may also be worth mentioning that this unhelpful error trace has not changed at any point during my debugging process, so it's entirely possible that node-lambda is blowing up before even attempting to fetch the package - based on the ChildProcess hints in the logs above, it seems like all logs being generated by the commands node-lambda is running are being swallowed.

Unfortunately, the only reason I find it necessary to install private packages this way is that node-lambda doesn't seem to handle local imports without a bundling step, and it actually seemed simpler to just put my shared code in a private package than to add a bundling step to all 15 of my lambdas. If there is a better way to bundle local dependencies, I would love to hear about that as well!

Thanks!