Menu
I have a repository containing a package.json which contains scoped dependencies. I also have an .npmignore file intended to whitelist all files and subdirectories in dist/. The problem is all of the scoped dependencies are included when running npm install @private/a another repository. This includes both private npm packages and public packages such as @uirouter.
package.json:
{
"name": "@private/a",
"version": "1.0.0",
"description": "",
"main": "dist/index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"repository": {
"type": "git",
"url": "git+ssh://[email protected]/private/a.git"
},
"author": "",
"license": "ISC",
"homepage": "https://bitbucket.org/private/a#readme",
"devDependencies": {
"gulp": "^3.9.1",
"gulp-angular-embed-templates": "^2.3.0",
"gulp-concat": "^2.6.1",
"gulp-jshint": "^2.0.4",
"gulp-rename": "^1.2.2",
"gulp-sass": "^3.0.0",
"gulp-uglify": "^2.0.0",
"jshint": "^2.9.4"
},
"dependencies": {
"@private/b": "^1.0.0",
"@private/c": "^1.0.0"
}
}
.npmignore
**
!dist/**
Despite these two files when I run npm install @private/a --save within another repository it is installing the dependency along with all it's scoped dependencies:
/node_modules/@private/a/dist/index.js
/node_modules/dist/css/styles.css
/node_modules/@private/a/node_modules/@private/b
/node_modules/@private/a/node_modules/@private/c
package.json
It should only be this:
/node_modules/@private/a/dist/index.js
/node_modules/dist/css/styles.css
package.json
How can I achieve this? I have tried different variations of the .npmignore but have not had any luck.
654
To skip Installation of devDepenencies pass --production flag to npm install ,with the --production flag(or NODE_ENV environment variable set to production ) npm will not install modules listed in devDependencies." To make any module to be part of devDependencies pass --dev while installing.
Not committing node_modules implies you need to list all your modules in the package. json (and package-lock. json ) as a mandatory step. This is great because you might not have the diligence to do so, and some of the npm operations might break if you don't.
.npmignore is irrelevant to what you are trying to do. This file only decides which parts of your npm package code ends up in npm registry. So it is working as advertised.
Your problem must be in your npmconfig or because of using an older version of npm. The latest version installs stuff as so:
/node_modules/@private/a/dist/index.js
/node_modules/@private/b/...
/node_modules/@private/c/...
package.json
I have verified that this is happening with latest npm. But there used to be a time when npm installed dependencies into a nested structure. See this for example. So I suggest:
npm get legacy-bundling. Make sure this is false.There are few cases where the nesting of dependencies happens legitimately even with the latest npm. See this. But I am guessing your problem is not due to this. You can test by simply doing npm install @private/a in an empty folder.
100
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
