Tool to localize package.json, requirements.txt

This question betrays a lot of ignorance, so please be nice.

Problem: building Node or Python applications in a container where the code depends on modules in private git repositories (on BitBucket, Github, etc) accessed via ssh without adding the ssh keys to the container.

Proposed Solution: using the ssh credentials already on my host, check out the code to the local build context before the build begins and modify package.json/requirements.txt to install from local sources instead of git.

Is there a tool that already does this? I couldn’t figure out a way to get npm to pull modules locally for me without running the module’s build scripts. I just want the code, no build actions. I haven’t tried with pip yet, but I suspect I’ll hit the same kind of problems.

So I’m thinking of writing something that just parses packages.json and requirements.txt and pulls out the git locations, then git pulls them to a subdirectory, then updates the dependency file to show the new location. If I need it to get fancy, I can do that recursively, but my current private dependencies are only one layer deep.

What do you think? is there a better way to do this?