104

What does "dev": true mean in the package-lock.json file?

In my case it is automatically updated when I perform npm operations.

How can we remove it?

Alexander Abakumov
Mustafa bw
  • 1
    There are a lot of mysteries about `package-lock.json`. The hash sometimes has a longer version and a shorter version, besides this `dev` thing. – addlistener Jun 26 '18 at 11:19

3 Answers

48

So answering your first question, `"dev": true` in package-lock.json means this dependency won't be installed by `npm install`/`npm ci` when running in production mode.

Having dependencies used only for the local development environment marked with `"dev": true` and then using `--production` in your CI might save you some build time.

From documentation https://docs.npmjs.com/cli/install#description:

By default, npm install will install all modules listed as dependencies in package.json.

With the --production flag (or when the NODE_ENV environment variable is set to production), npm will not install modules listed in devDependencies.

gordey4doronin
15

I think this paragraph tries to illustrate how the package dependency's dev: true is assigned.

  • Direct development dependency -> dev: true
  • Only an indirect development dependency -> dev: true
  • Direct development dependency, but it also has an indirect non-development dependency -> no dev: true

In other words, once a development dependency package is indirectly depended on by a non-development package, it shall be dev: false and thus it will be included in the build process. The purpose of this rule is to make sure that packages needed by the non-development package will not have "dev: true".

Besides, if I install via npm install -D <name>, then the package will be installed as a development package, so no dev: true changes may occur. However, if I install via npm install <name>, this may remove many existing dependencies' "dev: true" attribute.

For example, I run npm install -D bestzip in my project and the result is:

  • 53 dependencies with "dev": true added

Run npm install bestzip and the result is:

  • 53 dependencies without "dev": true added
  • 43 existing dependencies' "dev": true attributes are removed
Audwin Oyong
Houcheng
  • Can't we just say that because a certain dependency is under `"devDependencies": {..}` in package.json, its subdependencies will have `"dev": true` appended in case we run `npm install`? – hipokito May 25 '21 at 16:16
10

From the npm docs at https://docs.npmjs.com/files/package-lock.json

If true then this dependency is either a development dependency ONLY of the top level module or a transitive dependency of one. This is false for dependencies that are both a development dependency of the top level and a transitive dependency of a non-development dependency of the top level.

Paul Roub
Elliott
    can you please explain this in simple terms? – Mustafa bw Aug 02 '18 at 13:38
  • why do we need it? – Dzmitry Lazerka Jan 05 '19 at 19:00
  • 62
    My `package-lock.json` file is constantly changing. The only difference in most cases is the inclusion or removal of 'dev: true'! Given its alleged purpose, I certainly am not moving dependencies between that and 'devDependencies' so fail to understand why I'm seeing this change. – HankCa Jan 18 '19 at 02:03
  • 12
    Simplified version: if package added as **dev**-dependency and also used by other packages from **dev**-dependencies, then `dev: true`. If that package was required by _at least one_ package from dependencies - npm switches it `dev: false`. – im.pankratov Nov 06 '19 at 13:23
  • 1
    A transitive dependency example would be: If packageA relies on packageB as a `development` dependency, and packageB relies on packageC as a `development` dependency, then packageC is a transitive dependency of packageA. – AnthW Aug 10 '20 at 08:59
  • 4
    @HankCa I had the same issue (`"dev": true` being constantly added and removed), and the root of the issue is because sometimes the package install was being done with `npm install --legacy-peer-deps` and, on other moments, with only `npm install` – macabeus Jun 28 '22 at 08:45
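
The rule quoted from the npm docs and the `bestzip` experiment in the answers above, as an added example (not code from npm or from any answer on this page): it recomputes the `dev` flag over a constructed dependency graph and shows the flag flipping when a package moves from devDependencies to dependencies. The package names and the `computeDevFlags`/`reachable` helpers are hypothetical, and optional and peer dependencies are ignored.

```javascript
// Added example; package names are hypothetical, constructed sample data.

// Return every package reachable from the given root names (roots included).
function reachable(graph, roots) {
  const seen = new Set();
  const stack = [...roots];
  while (stack.length > 0) {
    const name = stack.pop();
    if (seen.has(name)) continue; // also guards against dependency cycles
    seen.add(name);
    for (const dep of graph[name] || []) stack.push(dep);
  }
  return seen;
}

// dev is true only for packages reachable from devDependencies and
// NOT reachable from any production dependency of the top-level module.
function computeDevFlags(manifest, graph) {
  const prod = reachable(graph, Object.keys(manifest.dependencies || {}));
  const dev = reachable(graph, Object.keys(manifest.devDependencies || {}));
  const flags = {};
  for (const name of new Set([...prod, ...dev])) flags[name] = !prod.has(name);
  return flags;
}

// Constructed graph: package -> the dependencies it needs at runtime.
const graph = {
  "web-server": ["body-parser", "shared-util"],
  "body-parser": [],
  "test-runner": ["shared-util", "reporter"],
  "reporter": ["color-lib"],
  "color-lib": [],
  "shared-util": [],
  "zip-tool": ["color-lib"],
};

// Case 1: like `npm install -D zip-tool`.
const asDev = computeDevFlags({
  dependencies: { "web-server": "*" },
  devDependencies: { "test-runner": "*", "zip-tool": "*" },
}, graph);

// Case 2: like `npm install zip-tool`; color-lib loses its dev flag.
const asProd = computeDevFlags({
  dependencies: { "web-server": "*", "zip-tool": "*" },
  devDependencies: { "test-runner": "*" },
}, graph);

console.log({ asDev, asProd });
```

Packages whose flag is false are the ones still installed with `--production`, so they are the set to review when checking what actually ships.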