I prefer having everything as local as possible.
See this post: Multiple node red instances
That has the advantage of running multiple instances with different node sets and possibly different versions of Node-RED.
As for your second question:
Install all custom nodes in your workspace (where the flows.json is stored, .node-red by default) and setup this workspace as NodeJS project with a package.json (npm init). That way you can keep track of your dependencies.
I'd also recommend versioning each workspace as Git repo.
