Today I pulled latest from a shared Git repository and noticed that another developer on my team added an NPM package. So I ran npm install, and then saw that my package-lock.json file had changed. When I dug into what had changed, I found that "dev": true had been removed from several package descriptions, for example:

"some-package": {
  "version": "1.0.0",
  "resolved": "https://registry.npmjs.org/whatever/-/some-package-1.0.0.tgz",
  "integrity": "some-big-hash",
  "dev": true
},

The "dev": true is gone after npm install from several packages. Should I be concerned that NPM did this? I don't want these packages to be installed for production.

This question about "dev": true is somewhat related, but there isn't a good answer yet and I still want to know if I'm doing something wrong. Why is NPM removing this?

AJ.
  • Related issue/bug reported [here](https://npm.community/t/package-lock-json-keeps-changing-between-platforms-and-runs/1129/10) – RobC Mar 27 '19 at 20:11
  • Does this answer your question? [What is `"dev" true` in package-lock.json for?](https://stackoverflow.com/questions/49809490/what-is-dev-true-in-package-lock-json-for) – Justin M. Keyes Jan 28 '20 at 01:35

1 Answer

Your "dev": true disappeared because the package became a non-dev dependency.

A package with "dev": true is only needed in development, not in production.

This means it is required, directly or indirectly, only via devDependencies and not via anything in dependencies.

It will not be installed if you do npm install --production or have NODE_ENV=production in the environment.

Denis Howe
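
The point made in the answer above, as an added example that is not part of the original post: a Node.js check that compares two versions of package-lock.json and lists the packages that were flagged "dev": true before and are no longer flagged, so they would now be installed in production. The function names and the sample lockfile objects are constructed for illustration; beyond the nested `dependencies` layout shown in the question, it also reads the flat `packages` map used by newer lockfile versions.

```javascript
// Collect install-path -> isDev for every locked package.
function collectDevFlags(lock) {
  const flags = new Map();
  // lockfileVersion 2/3: flat "packages" map keyed by install path ("" is the root project).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== "") flags.set(path, meta.dev === true);
  }
  if (flags.size > 0) return flags;
  // lockfileVersion 1: nested "dependencies" tree keyed by package name.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      flags.set(path, meta.dev === true);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return flags;
}

// Packages that were dev-only before and are production-installable after.
function promotedToProduction(before, after) {
  const oldFlags = collectDevFlags(before);
  const newFlags = collectDevFlags(after);
  const promoted = [];
  for (const [path, wasDev] of oldFlags) {
    if (wasDev && newFlags.get(path) === false) promoted.push(path);
  }
  return promoted.sort();
}

// Constructed sample: a newly added production package requires "some-package".
const before = { lockfileVersion: 1, dependencies: {
  "some-package": { version: "1.0.0", dev: true },
  "test-runner": { version: "2.0.0", dev: true,
    dependencies: { "helper": { version: "0.1.0", dev: true } } },
} };
const after = { lockfileVersion: 1, dependencies: {
  "some-package": { version: "1.0.0" },
  "test-runner": { version: "2.0.0", dev: true,
    dependencies: { "helper": { version: "0.1.0", dev: true } } },
  "new-package": { version: "3.0.0", requires: { "some-package": "^1.0.0" } },
} };

console.log(promotedToProduction(before, after)); // [ 'node_modules/some-package' ]
```

To run it on a real change, pass in the parsed lockfile from the previous commit and the one in the working tree, then review each listed package before a production deploy.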