 

Can I copy the "node_modules" directory to other machines without having to run "npm install" each time?

Tags: node.js, npm

Two Linux machines. Both are CentOS x64, but different versions.

Say I run npm install on machine #1, copy my entire application including the node_modules directory to machine #2 and run it there. Is that supported? Or is it always advised to run npm install on each machine?

I was successful doing npm install on a CentOS 6 x64 machine, copying the app including node_modules to a CentOS 7 x64 machine. The application seemed to run fine. Even though it worked for me, is this generally safe to do so?

Crash Override asked May 03 '17 04:05


1 Answer

Is it always advised to run npm install on each machine?

Probably so, because that is one of the purposes of a package manager, to maintain your packages easily across machines.

That being said, nothing is stopping you from directly copying node_modules somewhere else. In fact, this might be necessary in the case that you want to add your project to a machine that is offline. Technically, you could even copy them to a machine that doesn't even have npm. From node's perspective, if the node_modules is there, it will find its dependencies.

Is this generally safe to do so?

Well, the security issue isn't really in copying node_modules versus re-installing them. The more important issue is to understand the security implications of all of your dependencies and, when confirming they are safe, to lock them to specific versions in package.json. That way you'll make sure that every npm install installs the same code* (assuming npm itself isn't doing something funky, but that's always a trust problem).

*Even if you fix versions in your package.json file, there are still possible breaks that can happen. For example, a dependency of a project you depend on with a specific version itself depends on another package with a version range. This means that, technically, authors of those other packages can add code that no longer supports your version of node or introduce a bug or fix a bug that you actually depend on, etc.

If you know your dependencies are safe and you 100% want to leave them that way, copy the node_modules folder and disconnect from the internet :)

Here's a good related read on the general state of software dependencies today and another one with more NPM details.

nem035 answered Oct 21 '22 20:10
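
The answer's footnote says that exact versions in your own package.json do not pin what your dependencies declare; that can be checked against an installed tree. The following is an added example, not part of the original answer: `findUnpinned`, `loadManifests` and the packages in `SAMPLE` are hypothetical names constructed for illustration.

```javascript
// A spec counts as pinned only if it is one exact version such as "1.2.3".
const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// manifests: { "<name>@<version>": parsed package.json, ... }
function findUnpinned(manifests) {
  const findings = [];
  for (const [owner, manifest] of Object.entries(manifests)) {
    for (const field of ['dependencies', 'optionalDependencies']) {
      for (const [dep, spec] of Object.entries(manifest[field] || {})) {
        if (!EXACT.test(String(spec).trim())) findings.push({ owner, dep, spec });
      }
    }
  }
  return findings;
}

// Collect every package.json below <root>/node_modules, scoped and nested included.
async function loadManifests(root) {
  const fs = await import('node:fs');
  const path = await import('node:path');
  const manifests = {};
  const walk = (dir) => {
    const nm = path.join(dir, 'node_modules');
    if (!fs.existsSync(nm)) return;
    for (const entry of fs.readdirSync(nm)) {
      if (entry.startsWith('.')) continue; // .bin, .package-lock.json
      const names = entry.startsWith('@')
        ? fs.readdirSync(path.join(nm, entry)).map((n) => `${entry}/${n}`)
        : [entry];
      for (const name of names) {
        const file = path.join(nm, name, 'package.json');
        if (!fs.existsSync(file)) continue;
        const m = JSON.parse(fs.readFileSync(file, 'utf8'));
        manifests[`${name}@${m.version}`] = m;
        walk(path.join(nm, name));
      }
    }
  };
  walk(root);
  return manifests;
}

// Constructed sample: the app pins web-lib exactly, yet web-lib itself declares ranges.
const SAMPLE = {
  'my-app@1.0.0': { dependencies: { 'web-lib': '2.3.1' } },
  'web-lib@2.3.1': { dependencies: { 'tiny-util': '^1.0.0', parser: '>=0.4 <2' } },
  'tiny-util@1.4.2': {},
};
console.log(findUnpinned(SAMPLE));
```

To audit a real project, call `loadManifests('.').then(findUnpinned)` from the project root. Committing the lockfile and installing with `npm ci` is npm's mechanism for fixing the versions those ranges resolve to.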