Should I check in folder "node_modules" to Git when creating a Node.js app on Heroku?
Second Update
The FAQ is not available anymore.
From the documentation of shrinkwrap
:
If you wish to lock down the specific bytes included in a package, for example to have 100% confidence in being able to reproduce a deployment or build, then you ought to check your dependencies into source control, or pursue some other mechanism that can verify contents rather than versions.
Shannon and Steven mentioned this before but I think, it should be part of the accepted answer.
Update
The source listed for the below recommendation has been updated. They are no longer recommending the node_modules
folder be committed.
Usually, no. Allow npm to resolve dependencies for your packages.
For packages you deploy, such as websites and apps, you should use npm shrinkwrap to lock down your full dependency tree:
https://docs.npmjs.com/cli/shrinkwrap
Original Post
For reference, npm FAQ answers your question clearly:
Check node_modules into git for things you deploy, such as websites and apps. Do not check node_modules into git for libraries and modules intended to be reused. Use npm to manage dependencies in your dev environment, but not in your deployment scripts.
and for some good rationale for this, read Mikeal Rogers' post on this.
Source: https://docs.npmjs.com/misc/faq#should-i-check-my-node-modules-folder-into-git
My biggest concern with not checking folder node_modules into Git is that 10 years down the road, when your production application is still in use, npm may not be around. Or npm might become corrupted; or the maintainers might decide to remove the library that you rely on from their repository; or the version you use might be trimmed out.
This can be mitigated with repository managers like Maven, because you can always use your own local Nexus (Sonatype) or Artifactory to maintain a mirror with the packages that you use. As far as I understand, such a system doesn't exist for npm. The same goes for client-side library managers like Bower and Jam.js.
If you've committed the files to your own Git repository, then you can update them when you like, and you have the comfort of repeatable builds and the knowledge that your application won't break because of some third-party action.
You should not include folder node_modules in your .gitignore file (or rather you should include folder node_modules in your source deployed to Heroku).
If folder node_modules:
- exists then
npm install
will use those vendored libraries and will rebuild any binary dependencies withnpm rebuild
. - doesn't exist then
npm install
will have to fetch all dependencies itself which adds time to the slug compile step.
See the Node.js buildpack source for these exact steps.
However, the original error looks to be an incompatibility between the versions of npm and Node.js. It is a good idea to always explicitly set the engines
section of your packages.json file according to this guide to avoid these types of situations:
{
"name": "myapp",
"version": "0.0.1",
"engines": {
"node": "0.8.x",
"npm": "1.1.x"
}
}
This will ensure development/production parity and reduce the likelihood of such situations in the future.