Official docs say it’s for

Packages that are only needed for local development and testing.

Umm, okay. Not 100% clear there. Some articles mention things like ESLint or Jest (k, I’m onboard there) but others mention Babel or WebPack. I get that you don’t need WebPack libraries to be loaded in the browser but how the hell do you bundle up your code without it? When you use npm ci or npm install you’ll get all dependencies but isn’t it good practice (in a CICD environment) to use --omit=dev or --only=prod?

  • MariusGundersen@programming.dev
    link
    fedilink
    arrow-up
    4
    ·
    9 months ago

    You only need to worry about devDependencies vs dependencies if you are going to publish the project you are working on as an npm package. If you are making a webapp or something else that you will run, then it doesn’t matter.

    • winky9827b@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      9 months ago

      Not always. If you’re publishing your app as a docker image, you want the final image to exclude dev depending to be a small as possible.

      • BrianTheeBiscuiteer@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        ·
        9 months ago

        This isn’t exactly the case but yes, I would prefer to keep the dependency list as small as possible, mainly because I’m subject to security scans and I don’t want things to get held up because there’s a vulnerability in my linter.

    • Vincent
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      9 months ago

      Exactly. If nobody ever runs npm install <yourpackage>, don’t worry about it. (Like, literally, you can put half your dependences in dependencies and half in devDependencies and it will be fine.)

      If you do, then every dependency the person who runs that command doesn’t necessarily need goes into your devDependencies.