正如人们指出的，有多种方法可以做到这一点，但最短的版本是:

// from master
"depName": "user/repo",

// specific branch
"depName": "user/repo#branch",

// specific commit
"depName": "user/repo#commit",

// private repo
"depName": "git+https://[TOKEN]:x-oauth-basic@github.com/user/repo.git"

如。

"dependencies" : {
  "hexo-renderer-marked": "amejiarosario/dsa.jsd#book",
  "hexo-renderer-marked": "amejiarosario/dsa.js#8ea61ce",
  "hexo-renderer-marked": "amejiarosario/dsa.js",
}

对于那些来这里获取公共目录的人，请访问npm文档:https://docs.npmjs.com/files/package.json#git-urls-as-dependencies

Git url作为依赖项

Git url可以是这样的:

git://github.com/user/project.git#commit-ish
git+ssh://user@hostname:project.git#commit-ish
git+ssh://user@hostname/project.git#commit-ish
git+http://user@hostname/project/blah.git#commit-ish
git+https://user@hostname/project/blah.git#commit-ish

commit-ish可以是任何标记、sha或分支，可以作为git签出的参数提供。默认为master。

下面是一个更详细的版本，关于如何使用Github令牌而不发布在包中。json文件。

创建个人github访问令牌 在~/.gitconfig中重写安装url

git config --global url."https://<TOKEN HERE>:x-oauth-basic@github.com/".insteadOf https://x-oauth-basic@github.com/

安装私有存储库。用于调试访问错误的详细日志级别。

npm install --loglevel verbose --save git+https://x-oauth-basic@github.com/<USERNAME HERE>/<REPOSITORY HERE>.git#v0.1.27

如果访问Github失败，尝试运行git ls-remote…命令NPM install将打印

如果您想添加既不锚定到master也不锚定到特定提交的依赖项，可以使用semver来完成。像这样:

"dependencies": {
  "some-package": "github:github_username/some-package#semver:^1.0.0"
}

试试这个:

"dependencies" : {
  "name1" : "git://github.com/user/project.git#commit-ish",
  "name2" : "git://github.com/user/project.git#commit-ish"
}

你也可以试试这个，其中visionmedia/express是name/repo:

"dependencies" : {
   "express" : "visionmedia/express"
}

或者(如果npm包模块存在):

"dependencies" : {
  "name": "*"
}

摘自NPM文档

"dependencies": {
  "some-package": "github:github_username/some-package"
}

或者只是

"dependencies": {
  "some-package": "github_username/some-package"
}

https://docs.npmjs.com/files/package.json#github-urls