.gitignore for Node.js Projects

A proper Node.js .gitignore is critical because the node_modules/ directory alone can contain tens of thousands of files and hundreds of megabytes. Committing it bloats your repository, causes merge conflicts, and slows down every git operation.

Essential patterns for Node.js projects:

• node_modules/ — The dependency directory. This is the single most important line. Every collaborator runs npm install to regenerate it from package-lock.json.
• dist/ and build/ — Compiled output from TypeScript, Babel, or bundlers like webpack and esbuild. These are reproducible artifacts that should not be versioned.
• .env and .env.local — Environment variable files that often contain API keys, database credentials, and secrets. Leaking these into a public repo is a common security incident.
• coverage/ — Test coverage reports generated by Jest, c8, or Istanbul. These are generated on demand and vary between machines.
• .npm and .yarn/cache — Package manager cache directories that are machine-specific.
• *.log — Log files from npm, yarn, or your application runtime (e.g., npm-debug.log, yarn-error.log).
• .next/ or .nuxt/ — Framework-specific build caches if you are using Next.js or Nuxt.

Pro tip: Always commit package-lock.json (or yarn.lock / pnpm-lock.yaml). The lockfile ensures deterministic installs across all environments. Ignoring it leads to "works on my machine" bugs caused by differing transitive dependency versions.

A well-maintained .gitignore keeps your repository lean, your CI pipelines fast, and your secrets safe. Start with the official GitHub template for Node and customize it for your specific stack and tooling requirements.