by nicoburns 162 days ago
> As far as I know, these 100+ dev dependencies are installed by default.

devDependencies should only be installed if you're developing the React library itself. They won't be installed if you just depend on React.

> They won't be installed if you just depend on React.

Please correct me if I am wrong, here's my understanding.

"npm install installs both dependencies and dev-dependencies unless NODE_ENV is set to production."

It does not recursively install dev-dependencies.

> It does not recursively install dev-dependencies.

So, these ~100 [direct] dev dependencies are installed by anyone who does `npm install react`, right?

No. They’re only installed if you git clone react and npm install inside your clone.

They are only installed for the topmost package (the one you are working on); npm does not recurse through all your dependencies and install their devDependencies.

> ~100 [direct]

When you do `npm install react` the direct dependency is `react`. All of react's dependencies are indirect.

Run `npm install react` and see how many packages it says it added. (One.)

If you're trying to audit React, don't you either need to audit its build artifacts rather than its source, or audit those dev dependencies too?
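
The rule discussed in this thread, as an added example that is not part of any comment and is not npm's own code: a simplified model of which packages end up installed, where `devDependencies` are followed only for the topmost package. The package names and manifests are constructed, and the model assumes no version ranges and no peer or optional dependencies.

```javascript
// Constructed manifests with hypothetical package names.
const manifests = {
  "my-app":        { dependencies: { "ui-lib": "*" }, devDependencies: { "test-runner": "*" } },
  "ui-lib":        { dependencies: { "scheduler-lib": "*" }, devDependencies: { "bundler": "*", "linter": "*" } },
  "scheduler-lib": { dependencies: {}, devDependencies: { "bundler": "*" } },
  "test-runner":   { dependencies: { "assert-lib": "*" }, devDependencies: { "bundler": "*" } },
  "bundler":       { dependencies: { "parser": "*" } },
  "linter":        { dependencies: {} },
  "parser":        { dependencies: {} },
  "assert-lib":    { dependencies: {} },
};

// Returns the sorted list of packages installed when `root` is the topmost
// package (the directory where the install is run).
function installSet(manifests, root, { production = false } = {}) {
  const top = manifests[root];
  if (!top) throw new Error(`unknown package: ${root}`);

  const installed = new Set();
  const queue = [];
  const enqueue = (deps) => queue.push(...Object.keys(deps || {}));

  enqueue(top.dependencies);
  // devDependencies are considered for the topmost package only,
  // and skipped entirely for a production install.
  if (!production) enqueue(top.devDependencies);

  while (queue.length > 0) {
    const name = queue.shift();
    if (installed.has(name)) continue;
    const manifest = manifests[name];
    if (!manifest) throw new Error(`unknown package: ${name}`);
    installed.add(name);
    // For a dependency, only its runtime dependencies are followed;
    // its devDependencies never enter the tree.
    enqueue(manifest.dependencies);
  }
  return [...installed].sort();
}

// Consumer of ui-lib: the library's bundler and linter are not installed.
console.log(installSet(manifests, "my-app"));
// Production install of the consumer: its own devDependencies are skipped too.
console.log(installSet(manifests, "my-app", { production: true }));
// Working inside a clone of ui-lib: its devDependencies and their runtime deps appear.
console.log(installSet(manifests, "ui-lib"));
```

The third call is the set that matters for the audit question in the last comment: those packages run when the library is built, even though none of them land in a consumer's install tree.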