I recently wrote an article called Frameworks don't make sense. It got massive attention with over 100,000 views in a day and I just want to span out one of the points about dependencies.
You should always cut the dependencies and vendor them. Don't ever use a package manager to bring them in during the deploy but instead always vendor them.
Vendoring means putting them in your lib/ or vendor/ directory in the master branch. The entire dependency.
First of all, that makes the deploy much quicker. You should strive for sub-second deploys. One click on a button or
git push command and it's deployed and live in production. If you're pulling dependencies in during deploy, that will slow it down to 30 seconds or even minutes. If you deploy 50 times a day, like I do, that quickly adds up to hours of lost time. Speed is one of overlooked competitive advantages.
Second, all these dependencies change all the time and in a year or two, you will no longer be able to deploy. It will error. Dependency not found. Depreciated version. Or it will just simply be deleted because the author of the dependency got fed up with maintaining his project for free.
Therefore, ALWAYS VENDOR DEPENDENCIES!!!
Put them in the /vendor directory of your project, and then just
var dep = require("../vendor/dep"). And you have a build that ships fast and always works and deploys, even ten years from now because with vendoring the master branch is always god and working.