How to shrinkwrap devDependencies, but not install them unless necessary?
Solution 1
September, 2016:
As others have mentioned as well, there were some huge efforts to enhance the shrinkwrap feature starting with npm v3.10.8.
Thanks to this, it'll be possible to keep your devDependencies locked while installing only the production dependencies:
npm shrinkwrap --dev
npm install --only=prod
2013 answer:
As stated in the NPM docs:
Since npm shrinkwrap is intended to lock down your dependencies for production use, devDependencies will not be included unless you explicitly set the --dev flag when you run npm shrinkwrap. If installed devDependencies are excluded, then npm will print a warning. If you want them to be installed with your module by default, please consider adding them to dependencies instead.
Basically, either you lock down all deps, or only the production deps.
Not even running npm install --dev or npm install --force can transcend the shrinkwrap functionality.
Solution 2
EDIT 2016/09/13
I've tested out npm v3.10.8, and this functionality now works as expected. We've shrinkwrapped our devDependencies and can install only prod dependencies when we deploy.
I think it's worth mentioning that this feature should start working as expected very soon. According to this GitHub issue, tons of people were running into the same problem, and according to this pull request, it will be in the next release (scheduled for 2016-09-08).
With the pull request merged in, all you would have to do is:
npm i --only=prod
Solution 3
As to npm 5 (I've tried on 5.5.1 and 5.6.0), the --production (--only=prod) flag is problematic.
When package-lock.json exists in the folder, npm shrinkwrap --production simply changes the file name to npm-shrinkwrap.json.
I managed to solve this issue by running:
npm prune --production
and then run:
npm shrinkwrap --production
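A check that goes with the answers above, as an added example that is not part of the original answers: after a production-only install, compare the lock file with what is actually in node_modules and report dev-only packages that were installed anyway. It assumes the lockfileVersion 1 layout written by npm 5 (nested `dependencies` entries flagged `dev: true` or `optional: true`); `flattenLock`, `auditProdInstall` and the sample data are hypothetical names and constructed values.

```javascript
// Added example. Assumes the lockfileVersion 1 layout written by npm 5: nested
// "dependencies" maps whose entries carry "dev": true when they are dev-only.

// Flatten the lock tree into [{ path, version, dev, optional }].
function flattenLock(node, prefix = "node_modules/") {
  const out = [];
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const path = prefix + name;
    out.push({ path, version: entry.version, dev: entry.dev === true,
               optional: entry.optional === true });
    // Nested copies live under <path>/node_modules/.
    out.push(...flattenLock(entry, path + "/node_modules/"));
  }
  return out;
}

// Compare the lock with what is on disk after a production-only install.
// `installed` maps install path -> version read from each package.json.
function auditProdInstall(lock, installed) {
  const report = { devLeaks: [], missingProd: [], versionDrift: [] };
  for (const pkg of flattenLock(lock)) {
    const have = installed[pkg.path];
    if (pkg.dev) {
      // A dev-only package on disk means the production filter did not hold.
      if (have !== undefined) report.devLeaks.push(pkg.path);
    } else if (have === undefined) {
      // Optional packages may be skipped legitimately (platform-specific).
      if (!pkg.optional) report.missingProd.push(pkg.path);
    } else if (have !== pkg.version) {
      report.versionDrift.push(`${pkg.path}: locked ${pkg.version}, found ${have}`);
    }
  }
  return report;
}

// Constructed sample data, not taken from a real project.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    express: { version: "4.16.2" },
    debug: { version: "2.6.9" },
    fsevents: { version: "1.1.3", optional: true },
    mocha: { version: "4.0.1", dev: true,
             dependencies: { debug: { version: "3.1.0", dev: true } } },
  },
};
const sampleInstalled = { "node_modules/express": "4.16.2",
  "node_modules/debug": "2.6.8", "node_modules/mocha": "4.0.1" };
console.log(auditProdInstall(sampleLock, sampleInstalled));
```

To run it against a real project, pass the parsed npm-shrinkwrap.json or package-lock.json as `lock` and build `installed` from the package.json files found under node_modules.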
Solution 4
It looks like this feature was recently added in v3.3 of the npm client, per the changelog.
You'll now be able to run npm install --only=prod to achieve the effect you wish.
Fluffy
Updated on September 14, 2022
Comments
-
Fluffy over 1 year
I have a bunch of devDependencies needed in order to run the test suite and have production dependencies locked down with npm shrinkwrap. The problem is that when I run npm install, only production dependencies are installed; in order to install devDependencies, I have to remove npm-shrinkwrap.json and run it again.
Now if shrinkwrap contains devDependencies as well, they get installed in production, where they are not required. Surely there should be some command line arguments to force only normal dependencies to be installed?
-
Fluffy almost 11 years
So basically there is no way to do what I'm after?
-
gustavohenke almost 11 years
Through the CLI, it's what it seems. You could write some code, maybe a postinstall NPM script, which installs your dev dependencies if an argv --dev is passed, for example.
-
RushPL over 8 years
Not true. This is the same as npm install --production with the same problems of being overridden by npm-shrinkwrap.json.
-
mikestaub over 8 years
This could be coming soon, see this pull request: github.com/npm/npm/pull/10073
-
Avindra Goolcharan almost 8 years
npm shrinkwrap --also=dev for the lazy. Thanks
-
Andy over 7 years
The problem is I'm not just using a shrinkwrap for my production app; I'm also using it to lock down my dev dependencies so that nothing goes awry in my CI tests.
-
Andy over 7 years
@mikestaub it's patched in 3.10.8: github.com/npm/npm/releases/tag/v3.10.8
-
Bret about 5 years
This was a good workaround, but it seems to have stopped working somewhere in the 5.x.x major of npm. See github.com/npm/cli/pull/166 for details on the change. If devDeps aren't typically installed for -g installs, then they also shouldn't be installed just because there is a lock file. This smells of incorrect behavior.