I recently wrote an article called Frameworks don't make sense. It got massive attention with over 100,000 views in a day and I want to expand on one of the points about dependencies.
You should always cut the dependencies and vendor them. Don't ever use a package manager to bring them in during the deploy but instead always vendor them.
Vendoring means putting them in your lib/ or vendor/ directory in the master branch. The entire dependency.
First of all, that makes the deploy much quicker. You should strive for sub-second deploys. One click on a button or git push command and it's deployed and live in production. If you're pulling dependencies in during deploy, that will slow it down to 30 seconds or even minutes. If you deploy 50 times a day, like I do, that quickly adds up to hours of lost time. Deployment speed is one of the most overlooked competitive advantages.
Second, all these dependencies change all the time and in a year or two, you will no longer be able to deploy. It will error. Dependency not found. Depreciated version. Or it will just simply be deleted because the author of the dependency got fed up with maintaining his project for free.
THEREFORE ALWAYS VENDOR YOUR DEPENDENCIES!!!
Put them in the /vendor directory of your project, and then just var dep = require("../vendor/dep"). And you have a build that ships fast and always works and deploys, even ten years from now because with vendoring the master branch is always god and working.