The postShould You Commit the Vendor Folder in Go? first appeared onQvault.

The answer to the age-old question of, “should I commit the vendor dependencies in my Go project to source control?” is “almost always“. As an FYI, we here atQvault use Go for all of our backend work, and we always commit our vendor folders. Let’s take a look at the reasoning behind my claim that committing dependencies is ideal.

What Is the Vendor Folder?

If you are coming from Node.js land, Golang’s vendor folder is basically the same as Node’snode_modules. It is a folder found at the root of a module that stores a copy of all the code the module depends on. The code is used to compile the final executable when thego build command is run. As you can imagine, at the heart of the “should we commit vendor?” discussion is the problem of repo size.

node_modules is infamous for its large size.

As a result, conventional wisdom in the Node community is to addnode_modules to the.gitignore file in order to save space. After all, a quicknpm install (or in Go’s casego get) will grab everything right?

Yeah. Yeah it will. Most of the time.

Reproducible Builds

npm Err! 404 'left-pad' is not in the npm registry

The error code above famouslyplagued the developer world because developers were too lazy, or perhaps too sloppy, to write a few simple lines of code. Had a copy of the dependency been committed to all the projects that depended onleftpad then nothing would have been broken when the package was removed fromNPM.

module.exports = leftpad;function leftpad (str, len, ch) {  str = String(str);  var i = -1;  if (!ch && ch !== 0) ch = ' ';  len = len - str.length;  while (++i < len) {    str = ch + str;  }  return str;}

Luckily, up to this point, theGo community has been much more rigorous about upholding the virtues of keeping dependencies to a minimum. When dependencies are kept to a minimum, it’s easy to commit the entirevendor folder without incurring the huge data cost that the averagenode_modules folder would demand.

Final Verdict

Just like the flow chart at the beginning of the post outlines, if you don’t have an insane amount of dependencies, just commit those dependencies! You save yourself the headache of worrying about their source repos being deleted or not having network access when you build your project. On the other hand, if you do have a metric shitload of external code, maybe you should work on cutting the fat.

Thanks For Reading!

Takecomputer science courses on our new platform

Follow and hit us up on Twitter@q_vault if you have any questions or comments

Subscribe to our Newsletter for more programming articles