Articles

Manage Node.js Dependencies in Cloud Functions Efficiently (2026)

April 16, 2026 3 min read

The most surprising thing about managing Node.js dependencies in Cloud Functions is how often the biggest performance gains come from removing dependencies, not optimizing them.

Let’s see how this plays out with a simple HTTP-triggered Cloud Function that makes an external API call.

// index.js
const axios = require('axios');

exports.handler = async (req, res) => {
  try {
    const response = await axios.get('https://api.example.com/data');
    res.status(200).send(response.data);
  } catch (error) {
    console.error('Error fetching data:', error);
    res.status(500).send('Internal Server Error');
  }
};

Here’s the package.json:

{
  "name": "my-cloud-function",
  "version": "1.0.0",
  "dependencies": {
    "axios": "^0.27.2"
  },
  "main": "index.js",
  "scripts": {
    "start": "node index.js"
  }
}

When this function is deployed, Cloud Functions installs axios and its own dependencies. The first time it’s invoked, there’s a "cold start" where the environment is provisioned and code is loaded. Subsequent invocations (within a certain time window) reuse the same environment ("warm start"), which is much faster.

The problem is, every dependency you add, even if only used once, contributes to the initial download size, installation time, and memory footprint. For Cloud Functions, where cold starts can be a significant part of latency, this is critical.

Here’s how you can manage this:

1. Analyze Your Dependencies: Before adding anything, ask: "Is this absolutely necessary?" Many tasks, like basic HTTP requests or date manipulation, can be done with Node.js’s built-in modules.

2. Audit Your Existing Dependencies: Use a tool like npm-check or yarn-check to see what’s installed and if they’re actually used.

# Install if you don't have it
npm install -g npm-check

# Run it in your function's directory
npm-check

This will highlight unused packages, outdated packages, and potential issues.

3. Bundle Smartly: For frontend projects, bundlers like Webpack or Rollup are common. For Cloud Functions, you can use them to tree-shake unused code from libraries, but it adds complexity. A simpler approach is to be mindful of what you require(). If you only need a specific function from a large library, see if there’s a way to import just that part (e.g., const { specificFunction } = require('large-library');).

4. Keep Dependencies Lean: If axios is only used for one simple GET request, consider if the built-in https module is sufficient.

// index.js (using built-in https)
const https = require('https');

exports.handler = async (req, res) => {
  const options = {
    hostname: 'api.example.com',
    port: 443,
    path: '/data',
    method: 'GET'
  };

  const request = https.request(options, (response) => {
    let data = '';
    response.on('data', (chunk) => {
      data += chunk;
    });
    response.on('end', () => {
      res.status(200).send(JSON.parse(data));
    });
  });

  request.on('error', (error) => {
    console.error('Error fetching data:', error);
    res.status(500).send('Internal Server Error');
  });

  request.end();
};

This eliminates axios entirely, reducing the deployment package size and avoiding the need to install a third-party package.

5. Version Pinning: Always pin your dependencies to specific versions (e.g., "axios": "0.27.2" instead of "axios": "^0.27.2"). This prevents unexpected breaking changes when a dependency is updated and ensures reproducible builds. While npm’s package-lock.json or Yarn’s yarn.lock handles this during installation, explicitly pinning in package.json is good practice for clarity.

6. Understand the Runtime: Cloud Functions run in a managed Node.js environment. You don’t control the Node.js version directly, but you can specify it in your package.json for local development. The runtime’s Node.js version can affect performance and available features. Ensure your dependencies are compatible with the target runtime.

When you deploy the version using the built-in https module, you’ll notice a smaller deployment package size and a potentially faster cold start time. The mental model is that every byte you send to the Cloud Functions build process is a candidate for download, installation, and execution overhead. Minimizing this overhead directly translates to better performance, especially for functions that might experience infrequent traffic.

The next concept you’ll likely grapple with is managing state and concurrency across multiple function instances.

Want structured learning?

Take the full Cloud-functions course →