I followed the basic getting started instructions for Node.js on Heroku here:
https://devcenter.heroku.com/categories/nodejs
These instruction don't tell you to create a .gitignore node_modules, and therefore imply that folder node_modules should be checked in to Git. When I included node_modules in Git repository, my getting started application ran correctly.
When I followed the more advanced example at:
It instructed me to add folder node_modules to file .gitignore. So I removed folder node_modules from Git, added it to file .gitignore, and then redeployed. This time the deployed failed like so:
-----> Heroku receiving push -----> Node.js app detected -----> Resolving engine versions Using Node.js version: 0.8.2 Using npm version: 1.0.106 -----> Fetching Node.js binaries -----> Vendoring node into slug -----> Installing dependencies with npm Error: npm doesn't work with node v0.8.2 Required: [email protected] || 0.5 || 0.6 at /tmp/node-npm-5iGk/bin/npm-cli.js:57:23 at Object.<anonymous> (/tmp/node-npm-5iGk/bin/npm-cli.js:77:3) at Module._compile (module.js:449:26) at Object.Module._extensions..js (module.js:467:10) at Module.load (module.js:356:32) at Function.Module._load (module.js:312:12) at Module.require (module.js:362:17) at require (module.js:378:17) at Object.<anonymous> (/tmp/node-npm-5iGk/cli.js:2:1) at Module._compile (module.js:449:26) Error: npm doesn't work with node v0.8.2 Required: [email protected] || 0.5 || 0.6 at /tmp/node-npm-5iGk/bin/npm-cli.js:57:23 at Object.<anonymous> (/tmp/node-npm-5iGk/bin/npm-cli.js:77:3) at Module._compile (module.js:449:26) at Object.Module._extensions..js (module.js:467:10) at Module.load (module.js:356:32) at Function.Module._load (module.js:312:12) at Module.require (module.js:362:17) at require (module.js:378:17) at Object.<anonymous> (/tmp/node-npm-5iGk/cli.js:2:1) at Module._compile (module.js:449:26) Dependencies installed -----> Discovering process types Procfile declares types -> mongod, redis, web -----> Compiled slug size is 5.0MB -----> Launching... done, v9
Running "heroku ps" confirms the crash. OK, no problem, so I rolled back the change, added folder node_module back to the Git repository and removed it from file .gitignore. However, even after reverting, I still get the same error message on deploy, but now the application is running correctly again. Running "heroku ps" tells me the application is running.
What's the right way to do this? Include folder node_modules or not? And why would I still be getting the error message when I rollback? My guess is the Git repository is in a bad state on the Heroku side.
Not committing node_modules implies you need to list all your modules in the package. json (and package-lock. json ) as a mandatory step. This is great because you might not have the diligence to do so, and some of the npm operations might break if you don't.
Git and npm provides an easy way to avoid pushing bulky node_modules to a GitHub repository using the . gitignore file and npm install command. A package. json file is the source to regenerate node_modules , so this file is enough to set up a fresh copy of a Node project.
No, You don't need to push your node_modules folder to production whether it is a static export or dynamic build. When you export a static build the source file is converted into HTML & js files. So there is no need for node modules on production env.
Having your node_modules checked in guarantees that two developers running the code are running the exact same code with the exact same set of dependencies.
The FAQ is not available anymore.
From the documentation of shrinkwrap
:
If you wish to lock down the specific bytes included in a package, for example to have 100% confidence in being able to reproduce a deployment or build, then you ought to check your dependencies into source control, or pursue some other mechanism that can verify contents rather than versions.
Shannon and Steven mentioned this before but I think it should be part of the accepted answer.
The source listed for the below recommendation has been updated. They are no longer recommending the node_modules
folder be committed.
Usually, no. Allow npm to resolve dependencies for your packages.
For packages you deploy, such as websites and apps, you should use npm shrinkwrap to lock down your full dependency tree:
https://docs.npmjs.com/cli/shrinkwrap
For reference, npm FAQ answers your question clearly:
Check node_modules into git for things you deploy, such as websites and apps. Do not check node_modules into git for libraries and modules intended to be reused. Use npm to manage dependencies in your dev environment, but not in your deployment scripts.
and for some good rationale for this, read Mikeal Rogers' post on this.
Source: https://docs.npmjs.com/misc/faq#should-i-check-my-node-modules-folder-into-git
My biggest concern with not checking folder node_modules into Git is that 10 years down the road, when your production application is still in use, npm may not be around. Or npm might become corrupted; or the maintainers might decide to remove the library that you rely on from their repository; or the version you use might be trimmed out.
This can be mitigated with repository managers like Maven, because you can always use your own local Nexus (Sonatype) or Artifactory to maintain a mirror with the packages that you use. As far as I understand, such a system doesn't exist for npm. The same goes for client-side library managers like Bower and Jam.js.
If you've committed the files to your own Git repository, then you can update them when you like, and you have the comfort of repeatable builds and the knowledge that your application won't break because of some third-party action.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With