Best practice for nodejs deployment - Directly moving node_modules to server or run npm install command

Question

What is the best practice for deploying a nodejs application?

1) Directly moving the node_modules folders from the development server to production server, so that our same local environment can be created in the production also. Whatever changes made to any of the node modules remotely will not affect our code.

2) Run npm install command in the production server with the help of package.json. Here the problem is, any changes in the node modules will affect our code. I have faced some issues with the loopback module ( issue link ).

Can anyone help me?

Answer 1

Running npm install in production server cannot be done in certain scenario (lack of compiling tools, restricted internet access, etc...) and also if you have to deploy the same project on multiple machines, can be a waste of cpu, memory and bandwidth.

You should run npm install --production on a machine with the same libraries and node version of the production server, compress node_modules and deploy on production server. You should also keep the package-lock.json file to pinpoint versions.

This approach allows you also to build/test your code using development packages and then pruning the node_modules before the actual deploy.

Answer 2

My guess is that by asking this question you don't really understand the point of the package.json file.

The package.json file is explicitly intended for this purpose (that, and uploading to the npm registry), the transfer of a node package without having to transfer the sizeable number of dependencies along with it.

I would go as far as to say that one should never manually move the node_modules directory at all.

Definitely use the npm install command on your production server, this is the proper way of doing it. To avoid any changes to the node_modules directory as compared to your local environment, use the package lock file. That should help with minimising changes to the source code in node_modules .

I mean no bad intent by saying this

Answer 3

Definitely npm install . But you shouldn't do this by your own hand when it comes to deploying your app.

Use the tool for this like PM2 .

As for your concern about changes in packages, the short answer is package-lock.json .

Answer 4

• Moving node_modules folder is overkilled.
• Running npm install might break the version dependencies.
• The best approach is npm ci . It uses the package_lock file and installs the required dependencies without modify the versions. npm ci meant for continuous integration projects. LINK

Answer 5

I am an ASP.NET Core developer but I recently started working with Node.js apps. For me this was one of the challenges you mentioned to move the node_modules folder to production. Instead of moving the whole folder to production or only running the npm install command on production server, I figured out and tried a way of bundling my Node.js app using Webpack into a single/multiple bundles, and I just got rid of the mess of managing node_modules folder. It only picks up the required node_modules packages that are being used/referred in my app and bundles up in a single file along with my app code and I deploy that single file to production without moving the entire node_modules folder.

I found this approach useful in my case but please suggest me if this is not the correct way regarding the performance of the app or if any cons of this approach.