davglass / license-checker

Check NPM package licenses

Some devDependencies libraries are included with --production option

KenjiBito opened this issue · comments

E.g. I installed terser-webpack-plugin by npm with --save-dev.

The result in package-lock.json is the following:

    "terser-webpack-plugin": {
      "version": "1.4.3",
      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-1.4.3.tgz",
      "integrity": "sha512-QMxecFz/gHQwteWwSo5nTc6UaICqN1bMedC5sMtUc7y3Ha3Q8y6ZO0iCR8pq4RJC8Hjf0FEPEHZqcMB/+DFCrA==",
      "dev": true,
      "requires": {
        "cacache": "^12.0.2",
        "find-cache-dir": "^2.1.0",
        "is-wsl": "^1.1.0",
        "schema-utils": "^1.0.0",
        "serialize-javascript": "^2.1.2",
        "source-map": "^0.6.1",
        "terser": "^4.1.2",
        "webpack-sources": "^1.4.0",
        "worker-farm": "^1.7.0"
      }
    }

"dev" is true, but terser-webpack-plugin is in the output of license-checker with --production.
And I cannot find any dependencies from libraries that do not have "dev": true.

My environment is Windows Server 2016, npm ver 6.0.9 and license-checker 25.0.1.

Thank you

Hey @KenjiBito, I have the same problem. Did you find any way around this or any reason why this is happening?

I'm having the same issue. Do you have any estimate on when this might be resolved?

Before running you could rm -rf node_modules and only install production deps to remove false positives:
NODE_ENV=production npm install

Thanks, also ... yarn install --production
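
One way to cross-check a `license-checker --json` report against the `"dev": true` flags in package-lock.json without reinstalling, as an added example that is not part of the thread or of license-checker's own code. It assumes a lockfileVersion 1 lockfile (the npm 6 format shown in the issue) and a report keyed by `name@version`; the function names, `example-runtime-lib` and the sample license values are constructed for illustration.

```javascript
// Added example, not license-checker code. Assumes lockfileVersion 1 (npm 6).

// Walk the lockfile tree and record, per "name@version", whether EVERY
// occurrence carries "dev": true. A package that also appears without the
// flag is needed at runtime and must stay in the production report.
function devOnlyPackages(lock) {
  const seen = new Map(); // "name@version" -> true while all occurrences are dev
  const walk = (deps) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const key = `${name}@${info.version}`;
      const isDev = info.dev === true;
      seen.set(key, seen.has(key) ? seen.get(key) && isDev : isDev);
      walk(info.dependencies); // nested (non-hoisted) copies
    }
  };
  walk(lock.dependencies);
  return new Set([...seen].filter(([, dev]) => dev).map(([key]) => key));
}

// Split a license report into production entries and dev-only false positives.
function splitReport(report, lock) {
  const devOnly = devOnlyPackages(lock);
  const production = {};
  const falsePositives = {};
  for (const [key, entry] of Object.entries(report)) {
    (devOnly.has(key) ? falsePositives : production)[key] = entry;
  }
  return { production, falsePositives };
}

// Constructed sample lockfile and report (license values are placeholders).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "terser-webpack-plugin": { version: "1.4.3", dev: true,
      dependencies: { "source-map": { version: "0.6.1", dev: true } } },
    "source-map": { version: "0.6.1" }, // same version also used at runtime
    "example-runtime-lib": { version: "1.0.0" },
  },
};
const sampleReport = {
  "terser-webpack-plugin@1.4.3": { licenses: "MIT" },
  "source-map@0.6.1": { licenses: "BSD-3-Clause" },
  "example-runtime-lib@1.0.0": { licenses: "MIT" },
};

const result = splitReport(sampleReport, sampleLock);
console.log("dev-only false positives:", Object.keys(result.falsePositives));
console.log("production:", Object.keys(result.production));
```

In real use, replace the sample objects with the parsed contents of package-lock.json and the saved report.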