Should you submit the node_modules folder to Git?

This is a very good question. There are advantages and disadvantages. I discussed the topic so that you can express your opinion.

Should you submit the node_modules folder to Git?

I mentioned Git, but the same applies to any version control system you happen to use

This is a very good question. There are advantages and disadvantages.

I recommend defaulting toIs notSubmit the node_modules folder and add it to your.gitignorefile.

You may have special needs and need to reverse this decision.

I discussed the topic so that you can express your opinion.

These are some parameters in favor of not submitting node_modules

You keep the Git history clean when you add a new package, you will storepackage.jsonwithpackage-lock.jsonFile changes. When you decide to update the package version, all you store ispackage-lock.jsonFile changes.

package-lock.jsonIs a relatively new feature of npm,Shrink wrapCommands used in the past

You can avoid having to put hundreds of MB of dependencies in the repository, which means that it will be faster to use it over time. Switching branches and checking out code are two operations that are greatly affected by the size of the repository.

When using branches, you may encounter merge conflicts, which are not limited to code, but also involve dependent code. This is not easy to handle and may waste a lot of time for you. Avoid putting

If the dependencies are changed, the pull request or merge will involve more files in the process. The tool slows down and even decides not to show the complete difference (for example, GitHub)

If you deploy to a platform different from the development computer, you need to recompile the native node module (common use case: development on Mac, deployment on Linux). You need to callnpm rebuild, Which will make the server out of sync.

Not submitting node_modules means you need topackage.json(withpackage-lock.json) As a mandatory step. This is great because you may not be diligent, and if you don't, some npm operations may be interrupted.

Tip: You don’t need to use a specific versionpackage.jsonFile, self-importpackage-lock.jsonfile.

If used alonedependencieswithdevDependenciesSubmit bynode_modulesThe folder you basically want to submitdevDependenciesAnd there is no (easy) way to get rid of them in the production version.

What may cause you to submit node_modules and how to mitigate them

OnenpmThe author of the package may delete the package from the npm registry. It happened in the famousleft-pad incident in 2016 (read more). For popular software packages, this rarely happens. If this happens, you may no longer be able to use that particular function.

You might also arguenpmThere is no guarantee that it will exist indefinitely, it may disappear, so to ensure that you have the complete code of the application in the future, an easy way is to submit it with the application.

Every time you use a package, please create a fork on GitHub. Keep it up to date with the origin at regular intervals (can be done automatically).

This is not always feasible, because a software package can have dozens of dependencies of its own.

You can use a dedicated repository server for your project and use that server to host all dependencies.

Options include

Another reason for submitting dependencies is that if you find a bug or want to add something to the library, you can quickly edit the code.

This is a double-edged sword: if you do, then if a new version is released, you will lose the ability to upgrade the package, which is very useful for quick, temporary repairs.

The best solution is to submit a PR that performs the required functions to the original project or branch it, and then use the branch as a dependency.

Download mine for freeNode.js manual


More node tutorials: