Npm isn't ready for production use. If you're going to use it you either need to ship the modules you need or run it against a private repo of modules.
My first thought was “What about including node_modules in your version control?” Downside is that the repo would be much larger, but if it’s going to expand to that size on the client after running “npm install”, maybe that’s not a big deal? But it feels kinda wrong to do that...
Committing your `node_modules` is a bad idea. The best answer is to either use an offline cache of package tarballs that have been committed to your repo, or an NPM caching proxy.
Yarn has an "offline mirror" feature built in, and Shrinkpack is a tool that can create an offline mirror based on an npm-shrinkwrap.json file.
I haven't actually used an NPM caching proxy myself. It looks like Artifactory does support acting as an NPM proxy. The other tools I've heard of are Sinopia, Verdaccio, and local-npm.