Question on git, npm, bower, and CI.

npm-scm.md

Hey, Probably a somewhat n00b question, but on sites of your size that build and release as often as yours do - how do you manage your npm and bower packages? Currently we .gitignore our node_modules and bower_components directories, but I feel we should break that SPOF we have with npm and bower's servers, in the event they're unavailable when our CI is running a build/release.

I had considered checking the packages into git, but;

1. I'm sure this is frequently advised against [citation needed].
2. Some packages such as karma-runner/karma-phantomjs-launcher perform a tailored installation for the OS npm install was run from (eg phantomjs for Windows if installed when on Windows) - so if developer A on Windows runs npm install and checks it into git, CI Server B on Linux will be failing builds.

Is this SPOF something you're even concerned about? And if so, how do you manage it please?

Thanks a lot guys appreciate it.

Jamie.

This new shrinkpack approach seems to be a variation on "Check in node_modules", you get a reduction in diff noise, but in exchange you get quite a large increase in repository size? (Binary file changes are less likely to be stored as per-file-diffs when updating version).

I think the earlier comparison still mostly holds here - we have a mirror set up with nopar and I don't recall running into any real issues with this.

in exchange you get quite a large increase in repository size

— @glenjamin

What are the practical considerations of an increase in size? Remember as well that we're talking about predominantly plain text files, which have been tarred and gzipped.