Should you commit the node_modules folder to Git?
I mention Git but the same applies to any version control system you happen to use
That’s a good question to have. There are pros and cons.
I suggest the default is to not commit the node_modules folder, and instead add it to your .gitignore
file.
You might have special needs that reverse this decision.
I discuss the topic so you can make your own opinion.
Here are some arguments in favor of not committing node_modules
You keep your Git history clean. When you add a new package, you store the package.json
and package-lock.json
file changes.
When you decide to update the package version, all you store is the package-lock.json
file change.
package-lock.json
is a relatively new feature of npm, that obsoletes the shrinkwrap command used in the past
You avoid having to put possibly hundreds of MB of dependencies in your repository, and this means that over time it will be faster to work with. Switching branches and checking out the code are 2 operations hugely affected by the repository size.
When working with branches, you might have merge conflicts that extend beyond your code, and instead, involve dependencies code. This is not nice to deal with and might make you lose a lot of time. Avoiding putting
A pull request or merge if changing the dependencies, is going to have much more files involved in the process. Tools become slower or even decide to not show the full diff (GitHub, for example)
Native node modules need to be recompiled if you deploy to a platform different than your development machine(common use case: you develop on Mac, deploy on Linux). You need to call npm rebuild
, which takes the server out of sync.
Not committing node_modules implies you need to list all your modules in the package.json
(and package-lock.json
) as a mandatory step. This is great because you might not have the diligence to do so, and some of the npm operations might break if you don’t.
Tip: there is no need to use the specific version in your
package.json
file, no more since the introduction of thepackage-lock.json
file.
If you use separate dependencies
and devDependencies
sets, by committing the node_modules
folder you’re basically committing the devDependencies
and there’s no (easy) way for the production build to get rid of them.
Reasons that might lead you to commit node_modules, and how to mitigate them
An npm
package might be removed by its author from the npm registry. It happened with the famous left-pad
incident in 2016 (read more). This is very rare to happen for popular packages. If this happens, you might no longer have access to that particular piece of functionality.
You might also argue that npm
is not guaranteed to stay around indefinitely, it might disappear, so an easy way to guarantee to have the full code of your application in the future is to commit it along with your app.
Every time you use a package, create a fork on GitHub. Every once in a while, keep it up to date with the origin (can be automated).
This is not always practical as packages can have dozens of their own dependencies.
You can use a private repository server for your project, and use that to host all your dependencies.
Options include
- sinopia
- npm_lazy
- npm-lazy-mirror
- artifactory
- npm Enterprise, from the npm company
Another reason to commit the dependencies is the ability to quickly edit the code, if you find a bug or if you want to add something to a library.
This is a double-edged sword: if you do so, you lose the ability to upgrade the package if new releases are made, and it’s just good for quick, temporary fixes.
The optimal solution is to either submit a PR that does what you want to the original project or fork it and use your fork as a dependency.
Download my free Node.js Handbook
More node tutorials:
- An introduction to the npm package manager
- Introduction to Node.js
- HTTP requests using Axios
- Where to host a Node.js app
- Interact with the Google Analytics API using Node.js
- The npx Node Package Runner
- The package.json guide
- Where does npm install the packages?
- How to update Node.js
- How to use or execute a package installed using npm
- The package-lock.json file
- Semantic Versioning using npm
- Should you commit the node_modules folder to Git?
- Update all the Node dependencies to their latest version
- Parsing JSON with Node.js
- Find the installed version of an npm package
- Node.js Streams
- Install an older version of an npm package
- Get the current folder in Node
- How to log an object in Node
- Expose functionality from a Node file using exports
- Differences between Node and the Browser
- Make an HTTP POST request using Node
- Get HTTP request body data using Node
- Node Buffers
- A brief history of Node.js
- How to install Node.js
- How much JavaScript do you need to know to use Node?
- How to use the Node.js REPL
- Node, accept arguments from the command line
- Output to the command line using Node
- Accept input from the command line in Node
- Uninstalling npm packages with `npm uninstall`
- npm global or local packages
- npm dependencies and devDependencies
- The Node.js Event Loop
- Understanding process.nextTick()
- Understanding setImmediate()
- The Node Event emitter
- Build an HTTP Server
- Making HTTP requests with Node
- The Node fs module
- HTTP requests in Node using Axios
- Reading files with Node
- Node File Paths
- Writing files with Node
- Node file stats
- Working with file descriptors in Node
- Working with folders in Node
- The Node path module
- The Node http module
- Using WebSockets with Node.js
- The basics of working with MySQL and Node
- Error handling in Node.js
- The Pug Guide
- How to read environment variables from Node.js
- How to exit from a Node.js program
- The Node os module
- The Node events module
- Node, the difference between development and production
- How to check if a file exists in Node.js
- How to create an empty file in Node.js
- How to remove a file with Node.js
- How to get the last updated date of a file using Node.js
- How to determine if a date is today in JavaScript
- How to write a JSON object to file in Node.js
- Why should you use Node.js in your next project?
- Run a web server from any folder
- How to use MongoDB with Node.js
- Use the Chrome DevTools to debug a Node.js app
- What is pnpm?
- The Node.js Runtime v8 options list
- How to fix the "Missing write access" error when using npm
- How to enable ES Modules in Node.js
- How to spawn a child process with Node.js
- How to get both parsed body and raw body in Express
- How to handle file uploads in Node.js
- What are peer dependencies in a Node module?
- How to write a CSV file with Node.js
- How to read a CSV file with Node.js
- The Node Core Modules
- Incrementing multiple folders numbers at once using Node.js
- How to print a canvas to a data URL
- How to create and save an image with Node.js and Canvas
- How to download an image using Node.js
- How to mass rename files in Node.js
- How to get the names of all the files in a folder in Node
- How to use promises and await with Node.js callback-based functions
- How to test an npm package locally
- How to check the current Node.js version at runtime
- How to use Sequelize to interact with PostgreSQL
- Serve an HTML page using Node.js
- How to solve the `util.pump is not a function` error in Node.js