# How do I use private dependencies with Vercel?

**Author:** Matthew Sweeney

---

The Vercel platform allows you to install private dependencies in your project by assigning public or private repositories formatted as npm packages in your package.json file dependencies.

## Private npm dependencies

Adding the `NPM_TOKEN` environment variable to your project allows Vercel to create a `.npmrc` file to install your private npm packages.

You can also reference public or private repositories formatted as [npm packages](https://docs.npmjs.com/about-packages-and-modules) in your package.json file [dependencies](https://docs.npmjs.com/specifying-dependencies-and-devdependencies-in-a-package-json-file). Private repository modules require a special link syntax that varies according to the Git provider.

For GitHub, create a [GitHub personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) with read-only access, and include it in the package URL as follows:

`"package-name": "git+https://<username>:<github_token>@github.com/<user>/<repo>.git"`

For GitHub Enterprise Server, create a [GitHub personal access token](https://docs.github.com/en/enterprise/user/github/authenticating-to-github/creating-a-personal-access-token) with read-only access, and include it in the package URL as follows:

`"package-name": "git+https://<username>:<github_token>@<self-hosted-instance.url>/<user>/<repo>.git"`

For GitLab, create a [GitLab deploy token](https://docs.gitlab.com/ee/user/project/deploy_tokens) with read\_repository access, and include it in the package URL as follows:

`"package-name": "git+https://<token-username>:<token>@gitlab.com/<user>/<repo>.git"`

For GitLab self-managed, create a [GitLab deploy token](https://docs.gitlab.com/ee/user/project/deploy_tokens) with read\_repository access, and include it in the package URL as follows:

`"package-name": "git+https://<token-username>:<token>@<self-hosted-instance.url>/<user>/<repo>.git"`

For Bitbucket, create a [Bitbucket access token](https://support.atlassian.com/bitbucket-cloud/docs/access-tokens/) with "read" access to the repository, and include it in the package URL as follows:

`"package-name": "git+https://x-token-auth:<access-token>@bitbucket.org/<user>/<repo>.git""`

## Other package registries

To use private packages from registries other than npm such as Github, add the contents of your `.npmrc` file as an [Environment Variable](https://vercel.com/docs/concepts/projects/environment-variables) to your project from the Vercel dashboard. This can be found by selecting the project, and viewing the general tab under the project settings.

Select the desired [Environments](https://vercel.com/docs/concepts/projects/environment-variables#environments) and add the key `NPM_RC` with the contents of your `.npmrc` file as the **Value**. If your `.npmrc` contains multiple lines we recommend using [Vercel CLI](https://vercel.com/docs/cli/env) to ensure line breaks are preserved:

`vc env add NPM_RC [environment] < /path/to/.npmrc` Note that when `NPM_RC` and `NPM_TOKEN` are both present, `NPM_RC` will take precedence. Furthermore, Vercel Runtimes are installed from the canonical npm registry so [`registry.npmjs.org`](http://registry.npmjs.org/) must be one of the lines in your `.npmrc` file:

`registry=https://registry.npmjs.org @NAMESPACE:registry=https://npm.pkg.github.com/PACKAGENAME //registry.npmjs.org/:_authToken=TOKEN_FOR_NPM //npm.pkg.github.com/PACKAGENAME/:_authToken=TOKEN_FOR_GITHUB`

## How this Works

At build time, Vercel will dynamically create a `.npmrc` file and then install your dependencies from `package.json`.

This allows you access to private packages without having to commit your own `.npmrc` file to source control.

---

[View full KB sitemap](/kb/sitemap.md)
