In production, should i clean and reinstall node_modules everytime I deploy?

Question

We have more than 10 instances of prod servers and each time we update our dependencies, so cleaning and re-installing sounds more controlled, but also a bit slower.

Problem is the devops team complain about the time taken to do a clean (after removing existing node_modules) npm install everytime package.json changes. We have noticed sometimes our build breaks on prod if we do run update or install on existing node_modules.

Are there any best practices for production deployment? How can i optimize the process of updating the node_modules safely here?

Answer 1

After a couple of months breaking my head on this. I came across this package on NPM: npm-check-updates.

npm-check-updates allows you to upgrade your package.json dependencies to the latest versions.

All you have to do is run

• npm install npm-check-updates --save
• ncu -u
• npm install

This works very nicely for me.

Answer 2

In newer npm version, there is a feature for locking the version of your dependencies.

There is a file called package-lock.json along with package.json. That lock file will lock the dependency version while you install it on dev environment. So, when you install it on production from package.json using npm install, it will fetch locked version from package-lock.json file and will install specific version same as dev environment.

That means you don't need to clean node_module folder every time on production. You can just install new added dependency from package.json file and its version will be taken from package-lock.json file.

There is another package manager called "yarn" is there which provide same feature, but if you want to stick to npm, then its now possible with new npm version.