Description
The entire node_modules/ directory (~148K lines, 2200+ files) is committed to the repository. This causes several problems:
- Massive repo bloat — cloning downloads all vendored dependencies instead of just source code.
- Noisy diffs — any npm install produces hundreds of changed files, making code review impractical.
- Security risk — vendored dependencies don't get updated through normal npm audit fix / npm update workflows, and stale vulnerable packages persist silently.
- Platform-specific issues — symlinks in node_modules/.bin/ show as type changes (T) across OS boundaries (macOS vs Linux).
Expected
node_modules/ should be in .gitignore and excluded from version control. Users should run npm install after cloning to fetch dependencies.
Suggested Fix
- git rm -r --cached Easebuzz_NodeJS_kit/node_modules/
- .gitignore includes node_modules/ (already added via "NodeJS kit crashes on startup due to deprecated bodyParser() usage and missing dependencies" #14)
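A guard that keeps this fix from regressing, as an added example that is not part of the original issue or the project's code: it fails when any file under node_modules/ is still in the Git index or when the ignore rule is missing. The function names and the throwaway demo repository are constructed for illustration; the Easebuzz_NodeJS_kit path is the one named in the issue.

```shell
#!/bin/sh
# Added example: CI guard against vendored node_modules/ (not project code).
# An ignore rule alone does not untrack files that are already committed,
# so the index and the ignore rule are checked separately.

# Print how many index entries sit under any node_modules/ directory.
tracked_node_modules() {
    git -C "$1" ls-files | grep -c -E '(^|/)node_modules/' || true
}

# Succeed if <dir>/node_modules/ in repo $1 is covered by an ignore rule.
# --no-index: evaluate the rule even for paths that are still tracked.
node_modules_ignored() {
    git -C "$1" check-ignore -q --no-index "${2:-.}/node_modules/probe"
}

# Return 0 only when nothing is tracked and the ignore rule is in place.
check_vendored_deps() {
    status=0
    count=$(tracked_node_modules "$1")
    if [ "$count" -gt 0 ]; then
        echo "FAIL: $count tracked file(s) under node_modules/" >&2
        status=1
    fi
    if ! node_modules_ignored "$1" "${2:-.}"; then
        echo "FAIL: ${2:-.}/node_modules/ is not ignored" >&2
        status=1
    fi
    return "$status"
}

# Constructed throwaway repo shaped like the one described in the issue.
make_demo_repo() {
    demo=$(mktemp -d)
    git -C "$demo" init -q
    mkdir -p "$demo/Easebuzz_NodeJS_kit/node_modules/express"
    echo '{}' > "$demo/Easebuzz_NodeJS_kit/node_modules/express/package.json"
    echo 'console.log(1)' > "$demo/Easebuzz_NodeJS_kit/server.js"
    # -f so a global ignore file cannot hide the constructed demo files
    git -C "$demo" add -f .
    echo "$demo"
}

# Script use: sh check.sh <repo> [dir]   (exit status is the check result)
if [ "$#" -gt 0 ]; then check_vendored_deps "$@"; fi
```

The guard still fails in the state the issue describes, where the ignore rule exists but the directory remains tracked, and passes only after the git rm -r --cached step.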