this post was submitted on 01 Mar 2024
18 points (95.0% liked)
JavaScript
1982 readers
3 users here now
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You only need to worry about devDependencies vs dependencies if you are going to publish the project you are working on as an npm package. If you are making a webapp or something else that you will run, then it doesn't matter.
Not always. If you're publishing your app as a docker image, you want the final image to exclude dev depending to be a small as possible.
This isn't exactly the case but yes, I would prefer to keep the dependency list as small as possible, mainly because I'm subject to security scans and I don't want things to get held up because there's a vulnerability in my linter.
Exactly. If nobody ever runs
npm install <yourpackage>
, don't worry about it. (Like, literally, you can put half your dependences independencies
and half indevDependencies
and it will be fine.)If you do, then every dependency the person who runs that command doesn't necessarily need goes into your
devDependencies
.