As a node.js developer, there is sometimes a debate about committing node_modules into source control. Having worked with node_modules both in and out of git, I'm adamantly against the checking them in. Here's why:
- Merge conflicts in
node_modulessuck. They're really hard to resolve. - Merge diffs become useless. It's really hard to do a code review when there's tons of
node_modulesjunk to look through - The size of the repo is dramatically increased. This has many side effects. Switching between branches is slower. More importantly, it increases the amount of code you need to send between servers during your deploy process. This can really increase deploy times.
- Deploys are harder! You'll have to
npm rebuildon every machine to make sure native modules are compiled correctly. This of course means thatgit diffon the server will be bloated. - It's too easy to forget to save a module to
package.json. That wouldn't be a problem for deploys because the module is in source control, but this breaks manynpmcommands likenpm dedupe. - It allows people to make one-off changes in
node_modules. This is a huge pain when it comes to upgrading those modules. The better answer is to fix the upstream module (it's open source right?). Failing that, you can fork the module and use npm's namespacing to maintain your fork (hopefully just until upstream is fixed).