Should "node_modules" folder be included in the git repository
The answer is not as easy as Alberto Zaccagni suggests. If you develop applications (especially enterprise applications), including node_modules in your git repo is a viable choice and which alternative you choose depends on your project.
Because he argued very well against node_modules I will concentrate on arguments for them.
Imagine that you have just finished enterprise app and you will have to support it for 3-5 years. You definitely don't want to depend on someone's npm module which can tomorrow disappear and you can't update your app anymore.
Or you have your private modules which are not accessible from the internet and you can't build your app on the internet. Or maybe you don't want to depend on your final build on npm service for some reason.
You can find pros and cons in this Addy Osmani article (although it is about Bower, it is almost the same situation). And I will end with a quote from Bower homepage and Addy's article:
“If you aren’t authoring a package that is intended to be consumed by others (e.g., you’re building a web app), you should always check installed packages into source control.”
Modules details are stored in packages.json
, that is enough. There's no need to checkin node_modules
.
People used to store node_modules
in version control to lock dependencies of modules, but with npm shrinkwrap that's not needed anymore.
Another justification for this point, as @ChrisCM wrote in the comment:
Also worth noting, any modules that involve native extensions will not work architecture to architecture, and need to be rebuilt. Providing concrete justification for NOT including them in the repo.
I would recommend against checking in node_modules because of packages like PhantomJS and node-sass for example, which install the appropriate binary for the current system.
This means that if one Dev runs npm install
on Linux and checks in node_modules – it won't work for another Dev who clones the repo on Windows.
It's better to check in the tarballs which npm install downloads and point npm-shrinkwrap.json
at them. You can automate this process using shrinkpack.