Giters

auth0 / express-jwt

connect/express middleware that validates a JsonWebToken (JWT) and set the req.user with the attributes

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

TypeScript `@types/*` deps pollute production deps

bickelj opened this issue · comments

commented

Description

When adding a dependency on express-jwt, I expected all TypeScript @types dependencies to remain in the devDependencies. Instead, I see several @types dependencies showing up in production dependences. The @types should typically be used at compile-time only.

Reproduction

  1. Add express-jwt to an existing TypeScript project's project.json as a (production/non-dev) dependency and @types/jsonwebtoken as a dev dependency.
  2. npm install
  3. git diff will show that several @types, including @types/jsonwebtoken have their "dev": true flags removed and therefore these packages show up in the production distribution.

Environment

Please provide the following:

  • Version of this library used: "express-jwt": 8.4.1
  • Version of the platform or framework used, if applicable:: npm 8.19.3
  • Other relevant versions (language, server software, OS, browser): node v18.13.0 GNU/Linux
  • Other modules/plugins/libraries that might be involved: jwks-rsa 3.0.1