I have a repository containing a package.json which contains scoped dependencies. I also have an .npmignore file intended to whitelist all files and subdirectories in dist/. The problem is all of the scoped dependencies are included when running npm install @private/a in another repository. This includes both private npm packages and public packages such as @uirouter.
package.json:

    {
      "name": "@private/a",
      "version": "1.0.0",
      "description": "",
      "main": "dist/index.js",
      "scripts": {
        "test": "echo \"Error: no test specified\" && exit 1"
      },
      "repository": {
        "type": "git",
        "url": "git+ssh://git@bitbucket.org/private/a.git"
      },
      "author": "",
      "license": "ISC",
      "homepage": "https://bitbucket.org/private/a#readme",
      "devDependencies": {
        "gulp": "^3.9.1",
        "gulp-angular-embed-templates": "^2.3.0",
        "gulp-concat": "^2.6.1",
        "gulp-jshint": "^2.0.4",
        "gulp-rename": "^1.2.2",
        "gulp-sass": "^3.0.0",
        "gulp-uglify": "^2.0.0",
        "jshint": "^2.9.4"
      },
      "dependencies": {
        "@private/b": "^1.0.0",
        "@private/c": "^1.0.0"
      }
    }

.npmignore:

    **
    !dist/**
Despite these two files, when I run npm install @private/a --save within another repository it is installing the dependency along with all its scoped dependencies:

    /node_modules/@private/a/dist/index.js
    /node_modules/dist/css/styles.css
    /node_modules/@private/a/node_modules/@private/b
    /node_modules/@private/a/node_modules/@private/c
    package.json

It should only be this:

    /node_modules/@private/a/dist/index.js
    /node_modules/dist/css/styles.css
    package.json

How can I achieve this? I have tried different variations of the .npmignore but have not had any luck.
3 Answers
Answers 1
.npmignore is irrelevant to what you are trying to do. This file only decides which parts of your npm package code end up in the npm registry. So it is working as advertised.

Your problem must be in your npm config or because of using an older version of npm. The latest version installs stuff as so:

    /node_modules/@private/a/dist/index.js
    /node_modules/@private/b/...
    /node_modules/@private/c/...
    package.json

I have verified that this is happening with latest npm. But there used to be a time when npm installed dependencies into a nested structure. See this for example. So I suggest:
- Making sure you have the latest node and npm.
- Making sure your npm config is not forcing legacy bundling. Run npm get legacy-bundling. Make sure this is false.

There are a few cases where the nesting of dependencies happens legitimately even with the latest npm. See this. But I am guessing your problem is not due to this. You can test by simply doing npm install @private/a in an empty folder.
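
To see which of the two layouts described in the answer above an install actually produced, this added example (not part of the original answer) walks a node_modules tree and reports every package that sits inside another package's node_modules folder. The function names and the temporary sample tree are constructed for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// List the packages directly inside one node_modules folder, expanding
// @scope folders into "@scope/name". Symlinked entries are skipped.
function listPackages(nodeModulesDir) {
  if (!fs.existsSync(nodeModulesDir)) return [];
  const names = [];
  for (const entry of fs.readdirSync(nodeModulesDir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    if (entry.name.startsWith('@')) {
      const scopeDir = path.join(nodeModulesDir, entry.name);
      for (const sub of fs.readdirSync(scopeDir, { withFileTypes: true })) {
        if (sub.isDirectory()) names.push(`${entry.name}/${sub.name}`);
      }
    } else {
      names.push(entry.name);
    }
  }
  return names.sort();
}

// Walk the tree and record, for every installed package, which package
// (if any) carries it in its own node_modules folder.
function findInstalled(projectDir, parent = null, out = []) {
  const nm = path.join(projectDir, 'node_modules');
  for (const name of listPackages(nm)) {
    out.push({ name, nestedUnder: parent });
    findInstalled(path.join(nm, name), name, out);
  }
  return out;
}

// Constructed sample: create a directory layout in a temp folder.
function buildSampleTree(layout) {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'nm-layout-'));
  for (const rel of layout) fs.mkdirSync(path.join(root, rel), { recursive: true });
  return root;
}

const nestedRoot = buildSampleTree([
  'node_modules/@private/a/dist',
  'node_modules/@private/a/node_modules/@private/b',
  'node_modules/@private/a/node_modules/@private/c',
]);
console.log(findInstalled(nestedRoot).filter((p) => p.nestedUnder));
```

Pointing findInstalled at a real project directory gives the same report; an empty result after filtering on nestedUnder means the install is flat.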
Answers 2
You need to lock your dependency; you might check out this tool: shrinkwrap
Answers 3
Node will install your package files along with all the dependencies declared under the dependencies field.

How the dependency tree is built depends on which version of npm you use.

If your package doesn't need those dependencies to run, it means they are just dev dependencies and you can safely list them under the devDependencies field.

Dev dependencies are only installed when you run an npm install inside the plugin directory.