It was and probably still is fashionable in the node community to check the
dependencies into one’s git repository, and it may still be the case, per the
following links. However, Rubyists use
bundler, and I’ve never heard of
checking gem dependencies into a Ruby project. So what do we do when we have
Node dependencies in a Rails project?
Reasons to include node_modules in git
- Stack Overflow on why you should check node_modules into git and not have
node_modules in your
- Mikeal Rogers’ post on this. Note, this post was from 2011. He says:
Why can’t I just use version locking to ensure that all deployments get the same dependencies?
Version locking can only lock the version of a top level dependency. You lock your version of express to a particular version and you deploy to a new machine 3 weeks later it’s going to resolve express’s dependencies again and it might get a new version of Connect that introduces subtle differences that break your app in super annoying and hard to debug ways because it only ever happens when requests hit that machine. This is a nightmare, don’t do it.
and concludes with:
All you people who added node_modules to your gitignore, remove that shit, today, it’s an artifact of an era we’re all too happy to leave behind. The era of global modules is dead.”
And so this was all true, but before node-shrinkwrap was released (see below)!
- The Node FAQ clearly states:
- Check node_modules into git for things you deploy, such as websites and apps.
- Use npm to manage dependencies in your dev environment, but not in your deployment scripts.
Reasons not to include node_modules in git
Including node_modules in your git repo greatly increases the potential file churn for files that your team did not create, thus making pull requests on github problematic due to large numbers of files with changes.
One problem with
npm install is that while your package.json file may be
locking down your dependency versions, it does not lock down your dependencies’
Instead, one can use npm-shrinkwrap to lock down all the dependencies, per this answer for Should “node-modules” folder be included in the git repository. It’s worth noting that supposedly Heroku will use npm-shrinkwrap.json, per this answer on Stack Overflow. Probably the best documentation for this is in the npm-install man page.
Consequently, I’m going with the approach not including node_modules in my git repository by:
- Using npm-shrinkwrap.
node_modulesin my project specific
I’ll do this for my projects until I’m convinced of otherwise!