Best practice for installation of node-red and custom node

I prefer having everything as local as possible.

See this post: Multiple node red instances

That has the advantage of running multiple instances with different node sets and possibly different versions of Node-RED.

As for your second question:
Install all custom nodes in your workspace (where the flows.json is stored, .node-red by default) and setup this workspace as NodeJS project with a package.json (npm init). That way you can keep track of your dependencies.

I'd also recommend versioning each workspace as Git repo.