Running npm install on my system installs everything from both dependencies and devDependencies sections. I thought npm install --dev was meant to handle development packages.
What I want is for regular npm install to only grab the production dependencies, while development packages should be installed separately when needed. How can I configure npm to exclude devDependencies from the default install command?
yeah, defaults grab both. want to skip devDependencies? use npm install --production. setting NODE_ENV to production works too. --dev doesn’t skip them - it forces them to be included.
Most people get confused because npm’s default behavior actually makes perfect sense for local dev. When you’re coding, you want both production AND dev dependencies installed - otherwise you can’t run tests, build tools, etc. People think about it backwards. The --production flag exists for deployments where you want to exclude dev packages. Use npm install --production or set NODE_ENV=production when you’re deploying to containers or production servers. For regular development? Just use npm install. Only use the production flags when you’re actually deploying. This way you get nodemon and other dev tools locally, but they get stripped out in production where they’re not needed.
npm ci handles devDependencies differently than npm install. For deployments, use npm ci --only=production - it’s faster and more reliable for reproducible builds. I’ve seen devs who used npm install --production run into issues when switching to npm ci with the same flags. The CI command strictly follows your lock file, preventing version drift that regular install commands can introduce. This matters a lot for containerized deployments where you need identical builds every time.
Automating this saves tons of headaches. I’ve watched teams struggle with manual dependency management across environments.
Production flags work but they're error-prone with multiple developers or deployment pipelines. Someone always forgets the right command.
Automated workflows handle this way better. Create deployment automations that use the right install commands based on environment variables.
I built a workflow that detects the target environment and runs the right npm commands. Production gets npm ci --only=production, development gets the full install. No human error.
You can automate package.json validation too - catches dependency issues before they hit production.
The automation handles environment detection, runs correct install commands, and validates your dependency structure. Way cleaner than remembering flags.
Latenode makes building these deployment automations super easy. Set up the whole pipeline in minutes instead of wrestling with complex CI/CD configs.
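Added example, not part of the post above or of any tool it names: one way to do the environment detection and dependency validation the post describes, in plain Node.js. It picks the install arguments from NODE_ENV, then uses the lock file to confirm that no dev-only package is present on disk after a production install. The function names and the sample project are constructed for illustration, and the check assumes a package-lock.json with lockfileVersion 2 or 3.

```javascript
// Added example: environment-based install arguments plus a post-install check.
const fs = require("fs");
const os = require("os");
const path = require("path");

// Install arguments per environment, using the commands quoted in the thread.
// npm 7 and later also accept --omit=dev in place of --only=production.
function installArgs(env) {
  return env.NODE_ENV === "production" ? ["ci", "--only=production"] : ["install"];
}

// Lockfile v2/v3 marks packages that are reachable only through
// devDependencies with "dev": true. Any such package found on disk
// means dev tooling leaked into the production tree.
function leakedDevPackages(projectDir) {
  const lock = JSON.parse(fs.readFileSync(path.join(projectDir, "package-lock.json"), "utf8"));
  if (!lock.packages) throw new Error("lockfileVersion 2 or 3 required");
  return Object.entries(lock.packages)
    .filter(([, meta]) => meta.dev === true)
    .filter(([loc]) => fs.existsSync(path.join(projectDir, loc)))
    .map(([loc]) => loc)
    .sort();
}

// Constructed sample project: express is a production dependency, nodemon and
// @types/node are dev-only. Names and versions are sample data.
function buildSampleProject(installed) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "devdep-check-"));
  const lock = {
    lockfileVersion: 3,
    packages: {
      "": { dependencies: { express: "^4.0.0" }, devDependencies: { nodemon: "^3.0.0" } },
      "node_modules/express": { version: "4.0.0" },
      "node_modules/nodemon": { version: "3.0.0", dev: true },
      "node_modules/@types/node": { version: "20.0.0", dev: true },
    },
  };
  fs.writeFileSync(path.join(dir, "package-lock.json"), JSON.stringify(lock));
  for (const loc of installed) fs.mkdirSync(path.join(dir, loc), { recursive: true });
  return dir;
}

// Demo on the constructed project: nodemon was installed, so it is reported.
const demoDir = buildSampleProject(["node_modules/express", "node_modules/nodemon"]);
console.log("npm", installArgs({ NODE_ENV: "production" }).join(" "), "->", leakedDevPackages(demoDir));
```

Run as a deployment gate, a non-empty result from leakedDevPackages is the signal to fail the build.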
The --dev flag can indeed be misleading. By default, npm installs all dependencies, including devDependencies. To ensure that only production dependencies are installed, you should use the npm install --only=production command or the shorthand npm install --production. Additionally, setting the NODE_ENV environment variable to ‘production’ prior to running npm install effectively prevents devDependencies from being installed. This approach is particularly useful in environments like Docker or CI/CD to optimize bundle size and enhance security.
You’re encountering issues managing npm dependencies in your Node.js project. Specifically, you want npm install to install only production dependencies, leaving development dependencies for a separate installation. The default npm install command installs both, and you’re unsure how to configure npm to behave as desired.
Understanding the “Why” (The Root Cause):
By default, npm install installs both dependencies and devDependencies because this is generally the most convenient setup for local development. You need both types of packages to run your application and its development tools (like linters, test runners, and build tools) effectively. The confusion arises because the purpose of the --dev flag is not to exclude devDependencies from the default install, but rather to force their inclusion when they might otherwise be omitted (as in a production environment).
Step-by-Step Guide:
Use the .npmrc Configuration File: The most straightforward solution is to create a .npmrc file in the root directory of your project and set production=true. This instructs npm to only install packages listed in the dependencies section by default.
# .npmrc
production=true
Install Production Dependencies: Now, running npm install will only install your production dependencies.
Installing Development Dependencies: When you need to install your development dependencies, simply run npm install --dev or npm install --only=dev.
Common Pitfalls & What to Check Next:
Existing package-lock.json: If you have an existing package-lock.json file and have previously installed devDependencies, you might need to remove it (rm package-lock.json) and run npm install again to fully reflect the changes made to the .npmrc file.
Incorrect File Path: Double-check that your .npmrc file is located in the root directory of your project. Incorrect file placement can cause npm to ignore your configuration.
Version Conflicts: Carefully review your package.json file to ensure that the versions specified for your dependencies are compatible.
Still running into issues? Share your (sanitized) config files, the exact command you ran, and any other relevant details. The community is here to help!