Development dependencies can cause production dependencies to install differently #3468

Closed
artlogic opened this issue May 22, 2017 · 2 comments

@artlogic

What is the current behavior?

When production installing a dependency which has a child dependency that's also a devDependency, the child dependency isn't installed at the top level. If the devDependency is removed, the child dependency is installed as expected. I think this is a bug because devDependencies shouldn't affect production in any way.

If the current behavior is a bug, please provide the steps to reproduce.

Start with this package.json:

{
  "name": "test",
  "version": "1.0.0",
  "description": "test",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "sequelize-cli": "^2.7.0"
  }
}

Then, perform a yarn install --production. Notice that umzug (a dependency of sequelize-cli) exists under node_modules.

Now remove the node_modules directory and modify your package.json like so:

{
  "name": "test",
  "version": "1.0.0",
  "description": "test",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "sequelize-cli": "^2.7.0"
  },
  "devDependencies": {
    "umzug": "^2.0.1"
  }
}

Once again perform a yarn install --production. Notice that umzug is no longer listed under node_modules. Rather it's at node_modules/sequelize-cli/node_modules/umzug.

What is the expected behavior?

I would expect devDependencies to have no effect on the production install process. Modifying devDependencies can actually change what packages are visible in production. This seems like incorrect behavior to me.

Please mention your node.js, yarn and operating system version.

Using yarn 0.24.5, node 6.10.3, and Mac OS 10.11.6.

@bestander
Member

That is expected behavior.
Yarn would build the same tree (with some branches removed) for the same package.json/yarn.lock, no matter if it is installed with the --production flag or not.
And that is a good thing: you end up with the same versions of dependency trees when you are developing and deploying.

@artlogic
Author

Thanks for explaining. After reading this and taking another look, I now understand this behavior. Much appreciated.
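
The two layouts described in this thread can be told apart by walking the installed tree. The script below is an added example, not code from the thread or from Yarn: `locatePackage`, `isHoisted`, `buildLayout` and `demo` are hypothetical helper names, and the directory trees and `0.0.0-constructed` versions are constructed sample data that mirror the paths quoted in the issue.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Recursively collect every install of `name` below `dir/node_modules`.
function locatePackage(dir, name, found = []) {
  const nm = path.join(dir, "node_modules");
  if (!fs.existsSync(nm)) return found;
  for (const entry of fs.readdirSync(nm).sort()) {
    if (entry.startsWith(".")) continue; // skip .bin, .yarn-integrity
    // Scoped packages sit one level deeper: node_modules/@scope/pkg
    const pkgs = entry.startsWith("@")
      ? fs.readdirSync(path.join(nm, entry)).sort().map((p) => `${entry}/${p}`)
      : [entry];
    for (const pkg of pkgs) {
      const pkgDir = path.join(nm, pkg);
      const manifest = path.join(pkgDir, "package.json");
      if (pkg === name && fs.existsSync(manifest)) {
        const { version } = JSON.parse(fs.readFileSync(manifest, "utf8"));
        found.push({ dir: pkgDir, version });
      }
      locatePackage(pkgDir, name, found); // descend into nested node_modules
    }
  }
  return found;
}

// True only when `name` sits at the project's top-level node_modules.
function isHoisted(root, name) {
  return fs.existsSync(path.join(root, "node_modules", name, "package.json"));
}

// Constructed layout: umzug either hoisted or nested under sequelize-cli.
function buildLayout(nested) {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "hoist-"));
  const write = (rel) => {
    fs.mkdirSync(path.join(root, rel), { recursive: true });
    fs.writeFileSync(path.join(root, rel, "package.json"),
      JSON.stringify({ version: "0.0.0-constructed" }));
  };
  write("node_modules/sequelize-cli");
  write(nested ? "node_modules/sequelize-cli/node_modules/umzug" : "node_modules/umzug");
  return root;
}

function demo() {
  return [false, true].map((nested) => {
    const root = buildLayout(nested);
    const hits = locatePackage(root, "umzug")
      .map((h) => path.relative(root, h.dir).split(path.sep).join("/"));
    return { hoisted: isHoisted(root, "umzug"), hits };
  });
}
console.log(JSON.stringify(demo(), null, 2));
```

Pointing `locatePackage` at a real project root after `yarn install --production` lists each installed copy of a package with its version, which shows whether code that requires it from the project root would find it.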
