It was and probably still is fashionable in the node community to check
the dependencies into one's git repository, and it may still be the
case, per the following links. However, Rubyists use
bundler, and I've
never heard of checking gem dependencies into a Ruby project. So what do
we do when we have Node dependencies in a Rails project?
Reasons to include node_modules in git
Stack Overflow on why you should check node_modules into
git and not have
node_modules in your
Mikeal Rogers' post on
Note, this post was from 2011. He says:
Why can’t I just use version locking to ensure that all
deployments get the same dependencies?
Version locking can only lock the version of a top level
dependency. You lock your version of express to a particular
version and you deploy to a new machine 3 weeks later it’s going
to resolve express’s dependencies again and it might get a new
version of Connect that introduces subtle differences that break
your app in super annoying and hard to debug ways because it only
ever happens when requests hit that machine. This is a nightmare,
don’t do it.
and concludes with:
All you people who added node_modules to your gitignore,
remove that shit, today, it’s an artifact of an era we’re all too
happy to leave behind. The era of global modules is dead."
And so this was all true, but before node-shrinkwrap was released
a. Check node_modules into git for things you deploy,
such as websites and apps.
b. Use npm to manage dependencies in your dev environment, but not
in your deployment scripts.
Reasons not to include node_modules in git
Including node_modules in your git repo greatly increases the
potential file churn for files that your team did not create, thus
making pull requests on github problematic due to large numbers of files
One problem with
npm install is that while your package.json file may
be locking down your dependency versions, it does not lock down your
Instead, one can use
lock down all the dependencies, per this answer for Should
“node-modules” folder be included in the git
It's worth noting that supposedly Heroku will use npm-shrinkwrap.json,
per this answer on Stack
Probably the best documentation for this is in the npm-install man
Consequently, I'm going with the approach not including
node_modules in my git repository by:
node_modules in my project specific
I'll do this for my projects until I'm convinced of otherwise!