I'm wondering if we should be tracking node_modules in our repo or doing an npm install when checking out the code?
Modules details are stored in packages.json, that is enough. There's no need to check in node_modules.
People used to store node_modules in version control to lock dependencies of modules, but with npm shrinkwrap that's not needed anymore.
Another justification for this point, as @ChrisCM wrote in the comment:
Also worth noting, any modules that involve native extensions will not work architecture to architecture, and need to be rebuilt. Providing concrete justification for NOT including them in the repo.
I would like to offer a middle of the road alternative.
node_modules into git.
package-lock.json file to nail down your dependency versions.
In the rare event that you cannot access NPM (or other registries you use) or a specific package in NPM, you have a copy of node_modules and can carry on working until you restore access.
One more thing to consider: checking in node_modules makes it harder / impossible to use the difference between dependencies and devDependencies.
On the other hand though, one could say it's reassuring to push to production the exact same code that went through tests - so including devDependencies.
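The answers above rely on the lock file to pin versions and on the split between dependencies and devDependencies. As an added example (not code from any of the posts), this Node.js function reads the `packages` map of a package-lock.json and reports which pinned packages are production, which are dev-only, and which lack an `integrity` hash. It assumes lockfileVersion 2 or 3; the name `auditLock`, the package names and the lock data are constructed for illustration.

```javascript
// Constructed sample lockfile (lockfileVersion 3 layout); not from a real project.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0",
          dependencies: { "example-lib": "^1.3.0" },
          devDependencies: { "example-test-runner": "^2.0.0" } },
    "node_modules/example-lib": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/example-lib/-/example-lib-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER"
    },
    "node_modules/example-test-runner": {
      version: "2.0.1", dev: true,
      resolved: "https://registry.npmjs.org/example-test-runner/-/example-test-runner-2.0.1.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER"
    },
    // Nested copy pulled in only by the dev tool; integrity deliberately omitted.
    "node_modules/example-test-runner/node_modules/example-lib": {
      version: "1.1.0", dev: true,
      resolved: "https://registry.npmjs.org/example-lib/-/example-lib-1.1.0.tgz"
    }
  }
};

// Hypothetical helper: split pinned packages into prod/dev and flag missing hashes.
function auditLock(lock) {
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 ('packages' map)");
  const marker = "node_modules/";
  const report = { prod: [], dev: [], missingIntegrity: [] };
  for (const [path, entry] of Object.entries(lock.packages)) {
    const idx = path.lastIndexOf(marker);
    // Skip the root project, local workspace folders, symlinks and bundled packages.
    if (idx === -1 || entry.link || entry.inBundle) continue;
    const id = `${path.slice(idx + marker.length)}@${entry.version}`;
    (entry.dev ? report.dev : report.prod).push(id); // dev: true marks dev-only packages
    if (!entry.integrity) report.missingIntegrity.push(path);
  }
  return report;
}

console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```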