简体繁体 English

NPM项目的每个git分支是否都有不同的node_modules依赖项？

[英]Does every git branch of an NPM project have different node_modules dependencies?

原文 2016-10-21 00:11:04 8 5 node.js/ git/ npm

I assume that when developing an NPM project, that every git branch (or whatever version control system you use) probably points to a different set of node_modules on the filesystem. 我假设在开发NPM项目时，每个git分支（或您使用的任何版本控制系统）可能指向文件系统上的一组不同的node_modules 。 Is that true? 真的吗？ How does that work? 这是如何运作的？ Does it pose any problems for diskspace etc? 它是否会对磁盘空间等造成任何问题？

Or perhaps, since node_modules is most commonly .gitignore'd , then the node_modules files are shared between Git branches? 或者，因为node_modules最常见.gitignore'd ，那么node_modules文件在Git分支之间共享？ Again, how would/does that work? 再一次，它会如何/有效？

*Note that Node.js / NPM is fundamentally different than other platforms/languages since dependencies are typically stored locally to a proejct rather than in some central location on a machine. *请注意，Node.js / NPM与其他平台/语言根本不同，因为依赖关系通常存储在本地，而不是存储在计算机的某个中心位置。

5 个解决方案

By convention, one should not add any files, libraries or binaries which can be generated or pulled in from an external source. 按照惯例，不应添加任何可以从外部源生成或引入的文件，库或二进制文件。 This includes things like node_modules ; 这包括node_modules ; since that is made readily available* once you do npm install , there's no reason or incentive** to want to put that into your source control. 因为一旦你进行了npm install就可以随时使用*，没有理由或激励**想要将它放入源代码控制中。 At worst, it will also bloat your repository, filling your diffs with things you simply don't control and don't necessarily want to review. 在最坏的情况下，它也会膨胀你的存储库，用你根本无法控制但不一定要查看的东西填充你的差异。

I would not expect different Git branches of an NPM project to contain different node_modules folders. 我不希望NPM项目的不同Git分支包含不同的node_modules文件夹。 I'd only expect the one node_modules folder, and if a branch gave me fits about dependencies, I'd look to reinstall the dependencies (and note it down to be sure that something else hadn't gone awry). 我只期望一个node_modules文件夹，如果一个分支让我适应依赖关系，我会寻找重新安装依赖项（并注意它以确保其他东西没有出错）。

As an addendum, any files or folders in .gitignore are simply not indexed or tracked by Git. 作为附录， .gitignore中的任何文件或文件夹都不会被Git索引或跟踪。 If the contents of those files or folders change, Git is none the wiser. 如果这些文件或文件夹的内容发生变化，Git就更聪明了。 This also means, when switching between branches, the contents of the files or folders in .gitignore remain the same. 这也意味着，当在分支之间切换时， .gitignore中的文件或文件夹的内容保持不变。

^{*: Provided that the library you're using isn't suddenly yanked.} ^{*：如果你使用的库没有被突然猛拉。} ^{Or the repository is not impacted by a colossal DDoS.} ^{或者存储库不受巨大的DDoS的影响。}

^{**: There may be some incentive to do this given that the reliability of certain NPM packages hasn't been 100% this year, but that's a team and architecture-driven decision, and I doubt that placing it into source control is the most ideal and convenient way to deal with it.} ^{**：鉴于某些NPM软件包今年的可靠性不是100％，这可能有一些动力，但这是团队和架构驱动的决策，我怀疑将其置于源代码管理中是最大的处理它的理想和方便的方法。}

There are two schools of thought, and both have merit. 有两种思想流派，都有其优点。

1) Never check in node_modules and rebuild on deploy/install 1）永远不要检查node_modules并在deploy / install上重建

The approach relies heavily on NPM and the connectivity of your deploy environment. 该方法在很大程度上依赖于NPM和部署环境的连接性。 node_modules are downloaded and installed (and/or compiled) each time the deploy is run. 每次运行部署时都会下载并安装（和/或编译） node_modules 。

Positives: Your repository is much smaller. 积极因素：您的存储库要小得多。

NPM modules are installed in the environment they will run on. NPM模块安装在它们将运行的环境中。

Concerns: Tied to 3rd party for sources - Go read about that whole left-pad thing. 关注：与第三方联系的消息来源 - 去看看整个left-pad东西。 If one dependency cannot be downloaded, your entire build system is hung out to dry. 如果无法下载一个依赖项，那么整个构建系统都会挂起来干。 "Cranky and paranoid old timers" will cite this as the reason to check everything in (or run your own private NPM somewhere). “Cranky and Paranoid old timers”会将此作为检查所有内容的理由（或在某处运行您自己的私有NPM）。

Branch management - Like you mentioned in the question, some branches might not have the same dependencies. 分支管理 - 就像您在问题中提到的那样，某些分支可能没有相同的依赖关系。 Dev1 adds a new features and used a new package. Dev1添加了新功能并使用了新的包。 Now Dev2 runs the dev branch or whatever, and everything is broken and they need to know to npm install the new package. 现在Dev2运行dev分支或其他什么，一切都坏了，他们需要知道npm install新包。 More subtle is the case where a npm package is version changed (now you need npm update as npm install will say nothing has changed), or where their node_modules are upgraded to work on "new feature 10" but they need to clear everything out to "downgrade" to go fix "prior bug 43". 更简单的是npm软件包的版本更改（现在你需要npm update因为npm install会说没有任何改变），或者他们的node_modules升级为“新功能10”，但他们需要清除所有内容“降级”以修复“之前的错误43”。 If you are in active development with a team of more than 2-3, watch out for this one. 如果您正在积极开发超过2-3的团队，请留意这一点。

Build Time - If it is a concern, it takes a little longer to download and install everything. 构建时间 - 如果需要考虑，下载和安装所有内容需要更长的时间。 Or a lot longer. 或长了不少。

2) Always check in everything you can 2）始终检查所有可能的内容

This approach includes node_modules as part of the repo. 此方法包括node_modules作为repo的一部分。

Positives: Not dependent on 3rd party sources. 积极因素：不依赖于第三方来源。 You have what you need to run. 你有你需要运行的东西。 You code can live on its own forever, and it does not matter if npm is down or a repo is deleted. 你的代码可以永久存在，如果npm关闭或者repo被删除也没关系。

Branches are independent, so new features from Dev1 are auto included when Dev2 switches to that branch 分支是独立的，因此Dev2切换到该分支时会自动包含Dev1的新功能

Deploy time is shorter because not much needs to be installed. 部署时间较短，因为不需要安装太多。

Concerns: Repository is much larger. 担心：存储库要大得多。 Clones of code take longer as there are many more files. 代码克隆需要更长的时间，因为有更多的文件。

Pull Requests need extra care. Pull Requests需要额外的照顾。 If a package is updated (or installed) along with core code, the PR is a mess and sometimes unintelligible. 如果一个软件包与核心代码一起更新（或安装），那么PR就是一团糟，有时难以理解。 "500 files changed", but really you updated a package and changed two lines of core code. “500个文件已更改”，但实际上您更新了一个包并更改了两行核心代码。 It can help to break down into two PRs - one that is is a mess (the package update) and one that is actually reviewable (the core code change). 它可以帮助分解为两个PR - 一个是混乱（包更新）和一个实际可审查（核心代码更改）。 Again, be prepared for this one. 再次，为这一个做好准备。 The packages will not change too often, but your code review takes a little longer (or a little more care) when they do. 这些软件包不会经常更改，但是代码审查需要更长时间（或者更加小心）。

OS Dependent Packages can break. 操作系统依赖包可能会中断。 Basically anything that is installed/compiled with gyp can be OS dependent (among others). 基本上，使用gyp安装/编译的任何东西都可以依赖于操作系统（以及其他）。 Most packages are "pure JS" and, being just scripts, run everywhere. 大多数软件包都是“纯JS”，只是脚本，无处不在。 Imagine all your devs run and test on OSX while you deploy to Linux, you cannot check in those packages that were compiled on a MAC because they will not run on Linux. 想象一下，当您部署到Linux时，所有开发人员都在OSX上运行和测试，您无法检查在MAC上编译的那些包，因为它们不能在Linux上运行。 An odd workaround for this is to define most packages as "dev dependencies" ( --save-dev ) and the ones that need compiled as normal ("production", --save ), then you run npm install --production so the dev dependencies are not installed (and are already present), but the others are. 一个奇怪的解决方法是将大多数软件包定义为“dev dependencies”（ - --save-dev ）和需要编译为正常的软件包（“production”， - --save ），然后运行npm install --production以便dev依赖项未安装（并且已经存在），但其他依赖项是。

Conclusions 结论

It depends. 这取决于。 (Don't you hate hearing that all the time? : ) （你不是一直讨厌听到这个吗？:)

Depending on your team and your concerns, you might go either approach. 根据您的团队和您的顾虑，您可能采取任何一种方法。 Both have their merits, and you will decide which is more beneficial to you. 两者都有其优点，您将决定哪种更有益于您。 Both have drawbacks as well, so be aware of those before you get bit! 两者都有缺点，所以在你得到之前要注意这些！

Two branches having different set of node modules is in scenario where one branch is in development phase and other is your production branch. 具有不同节点模块集的两个分支处于这样的情况：一个分支处于开发阶段而另一个分支处于生产分支。 In such cases development branch will have more node modules than production. 在这种情况下，开发分支将拥有比生产更多的节点模块。 If I am not wrong any other scenario might get you in trouble. 如果我没有错，任何其他情况都可能让你遇到麻烦。

Pushing node_modules to remote version control repository is bad practice hence just rely on npm install whenever you clone a branch or pull the code to download any new node module added to package.json. 将node_modules推送到远程版本控制存储库是不好的做法，因此每当克隆分支或拉动代码以下载添加到package.json的任何新节点模块时，只需依赖npm install 。