Chris Incoqnito

Reputation: 245

What to do with npm packages for deployment

In my current project I have a lot of apps which all have a lot of npm dependencies. When I deploy an app, every app is fetching npm dependencies. It works very well, but I don't know the right way for a live deployment. I don't want to check in dependencies to a live deployment branch or something else.

Does someone have a good solution for dealing with this problem? Handling dependencies for a long time?

On the npm site they said that I shouldn't use npm for deployment, only for development.

Upvotes: 2

Views: 703

Answers (1)

dm03514

Reputation: 55962

There are quite a few reasons why relying on npm for production requirements is bad:

  1. npm network latency, failed requests - when automating a production deployment, if npm isn't cooperating with your requests for some reason, your deploy may be delayed or fail. What happens when you are trying to push a critical hotfix and the deploy breaks? This could be a problem regardless of where modules are hosted, but you have even less control when using the npm public repo.

  2. npm dependency quality control, breaking updates. The public modules may be updated at any time, which could introduce breaking changes. There should be some sort of guarantee that the npm dependency that is being developed against is the exact version that is being deployed to production.

  3. npm sometimes just doesn't work, or gets in strange states (my own experiences :( )

What can be done about this?

  • Reference specific versions of npm modules
  • Host npm dependencies; I think npm offers self-hosted repos, or repos could be forked to private repos and served from GitHub
  • Focus on deploying artifacts instead of relying on npm for deploys. This can be accomplished by building Docker containers or by packaging your app using your native packaging system https://github.com/jordansissel/fpm

Upvotes: 1
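The first two suggestions in the answer above (exact versions, dependencies served from a host you control) can be enforced as a check that runs before the deployable artifact is built. This is an added example, not code from the answer; it assumes an npm lockfile with the `packages` map (lockfileVersion 2 or 3) and a hypothetical internal registry host `npm.internal.example`, and the manifests in it are constructed sample data.

```javascript
// Added example; samplePkg and sampleLock below are constructed sample data.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// List dependencies in a package.json object whose spec is not one exact version
// (ranges such as ^1.2.3 or ~1.2.3, dist-tags such as "latest", git/URL specs).
function findUnpinned(pkg) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT.test(spec)) out.push(`${field}.${name}@${spec}`);
    }
  }
  return out;
}

// Check every installed package in a package-lock.json object: it must carry an
// integrity hash and must have been resolved from the allowed registry host.
function auditLock(lock, allowedHost) {
  const problems = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link || entry.inBundle) continue; // root, symlink, bundled
    if (!entry.integrity) problems.push(`${path}: missing integrity`);
    let host = null;
    try { host = new URL(entry.resolved).host; } catch (_) { host = null; }
    if (host !== allowedHost) problems.push(`${path}: resolved from ${host || "unknown source"}`);
  }
  return problems;
}

const REG = "https://npm.internal.example"; // hypothetical self-hosted registry
const samplePkg = {
  dependencies: { express: "4.18.2", lodash: "^4.17.21", "left-pad": "latest" },
  devDependencies: { mocha: "~10.2.0" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/express": { version: "4.18.2", resolved: `${REG}/express/-/express-4.18.2.tgz`, integrity: "sha512-CONSTRUCTED" },
    "node_modules/lodash": { version: "4.17.21", resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", integrity: "sha512-CONSTRUCTED" },
    "node_modules/left-pad": { version: "1.3.0", resolved: `${REG}/left-pad/-/left-pad-1.3.0.tgz` },
  },
};

console.log("Unpinned specs:", findUnpinned(samplePkg));
console.log("Lockfile problems:", auditLock(sampleLock, "npm.internal.example"));
```

In a pipeline, a non-empty result from either function would fail the build before the Docker image or package is produced.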
