Should i check in node modules

Quote from npmjs FAQ: "If you are paranoid about depending on the npm ecosystem, you should run a private npm mirror or a private cache. I think this points to the issue you are referring, right? A case in point developers. Npm isn't going to disappear over night, so the benefit doesn't really pair up well with the loss of clarity in your commit history and your huge bundle size.

If someone is building an application that they think will still be active in 10 years, it's reasonable to expect that it will receive a lot of maintenance along the way. The point about NPM outages is a much better argument though, although there are probably better ways to mitigate that risk than committing to source.

Even one month down the road is dangerous if you don't commit your dependencies preferably in a separate repository though.

As I found one morning when I cloned one of my projects and found a package version had been removed from npm. I spent half a day changing all my versions of cascading dependencies to get npm update to work and build again. Show 2 more comments. Ryan Daigle Ryan Daigle Thanks for the help Ryan. That got me past the npm version error but now it fails when compiling the redis package.

It looks like it's using a path from my local box on the heroku servers. RyanDaigle Best practice now Nov recommended by both npm npmjs. Would you update your answer as it has top billing? This is to shorten future slug compilation.

Git wont find the files. Show 1 more comment. But Stack Overflow was formatting it weirdly. Just added this. Solved my issue. Why would you have a step that runs on CI that wouldn't run as part of your deployment? This means you don't have parity between the 2 systems!

As the answer says above - commit the folder just ignore the native extensions, that way you are covered for things like npm outages — Voycey. Thanks for your comment. In case this is still up for debate, I would take a look at this stackoverflow post which is almost a duplicate of your question above: stackoverflow. This seems pretty reasonable, and perhaps the most succinct explanation is this: mikealrogers. I do have a package. That's what I checked in, then removed, then added back.

Sorry — matzahboy. Benjamin Crouzier Benjamin Crouzier The site you linked seems to have been let expired and now full of scammy ads. FlavioCopes Updated my answer with link from Wayback Machine. Attach these repositories to your project repository with git submodule : git submodule add Run npm install. Commit submodule repository changes. Commit your project repository changes.

Scenario 1: One scenario: You use a package that gets removed from npm. But: If you contact support, they will check to see if removing that version of your package would break any other installs. Scenario 2: An other scenario where this is the case: You develop an enterprise version of your software or a very important software and write in your package. Calling function1 x can cause errors and problems now. Sign up or log in Sign up using Google.

Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Does ES6 make JavaScript frameworks obsolete?

Podcast Do polyglots have an edge when it comes to mastering programming Featured on Meta. How to set up SSL locally with Node. What is an API proxy? How to make an API request in Node. How does the Event Loop work in Node. How to wait for multiple Promises? How to organize Node. Understanding Promises in Node. How does the Node. Set up and test a. How to Use Environment Variables in Node. How to clean up node modules?

Restart a Node. How to update a Node dependency - NPM? What are NPM scripts? How to uninstall npm packages? How to install npm packages? How to create a package. What Is the Node. What is data brokering in Node. What is package-lock. How to install Node. How to update Node. How to check unused npm packages? When you add a new package, you store the package.

When you decide to update the package version, all you store is the package-lock. You avoid having to put possibly hundreds of MB of dependencies in your repository, and this means that over time it will be faster to work with.

Switching branches and checking out the code are 2 operations hugely affected by the repository size. When working with branches, you might have merge conflicts that extend beyond your code, and instead, involve dependencies code.

This is not nice to deal with and might make you lose a lot of time. Avoiding putting. A pull request or merge if changing the dependencies, is going to have much more files involved in the process.