What is `"dev" true` in package-lock.json for?
I think this paragraph tries to illustrate how the package dependency's dev: true is assigned.
- Directly development dependency -> dev: true
- With only indirect development dependency -> dev: true
- Directly development dependency however it also has indirect non-develop dependency -> no "dev: true"
In other words, once a develop dependency package is indirectly dependent by a non-development package, it shall be dev: false and thus it will be included in the build process. The purpose of this rule is to make sure that packages needed by the non-develop package will not have "dev: true".
Besides, if install via "npm install -D , then the package will be installed as the develop package thus no "dev: true" changes may occur. However, if install via "npm install ", this may remove many existing dependencies' "dev: true" attribute.
For example, I run "npm install -D bestzip" in my project and the ressult is:
- 53 dependencies with "dev": true added
Run "npm install bestzip" and the result is:
- 53 dependencies without "dev": true added
- 43 existing dependencies' "dev": true attribute are removed
So answering your first question,
"dev": true in
package-lock.json means this dependency won't be installed by
npm ci when running in
Having dependencies used only for local development environment marked with
"dev": true and then using
--production in your CI might save you some build time.
From documentation https://docs.npmjs.com/cli/install#description:
npm installwill install all modules listed as dependencies in
--productionflag (or when the
NODE_ENVenvironment variable is set to
production), npm will not install modules listed in