This is good approach, but only for final applications, you should never commit dependencies into repositories of resuable (generic) modules.
I have great experience with that, and to me it's the *only* way to assure that installation of application is straightforward and the only way to make sure that your project is installed in designated places as you expect. First thing: You don't rely on npm repository state. That's not just about npm uptime, but mind that any package may be removed or replaced (even specific version of package may be replaced by the author with different code). Imagine that after one year of finished development you want to install project and you depend on npm state from year before, there's a chance that you'll run into problems. Second thing: You don't rely on the network, therefore you can easily install your product being behind firewall which may block connection to npm repository. On Thursday, December 27, 2012 1:05:45 AM UTC+1, José F. Romaniello wrote: > > Hi all, I have read few times that is better to checking the dependencies > folder into git when you are working on a project that must be deployed, it > seems that this makes testing and maintainance easier. So, the advice seems > "be flexible with the dependencies for libraries, and very strict for > projects". > > For me the pros are: > - dont have to blindly trust the correct use of semver from the package > owner > - make sure everyone has the same versions > - probabily faster to deploy, since npm install will do nothing > > The bigger cons I see is that i dont like something in GIT that can be > auto-generated. It will happen almost for sure that someone will commit a > change in the package.json updating the version of the dependency and > forget about the node_modules or vicecersa. It will be easy to notice if it > breacks a test but not sure who wants to be dealing with that after all... > > Thoughts? experiences? > > > Thanks! > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to nodejs@googlegroups.com To unsubscribe from this group, send email to nodejs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
