Way to only check production dependencies

[rickysullivan-gallagher]

Is there a way to only check production dependencies?

[eladnava]

Hi @rickysullivan-gallagher,
Thanks for filing this issue.

Indeed, there isn't a way to do that currently. This package depends on legally to obtain your project's dependencies, by recursively walking over your project's node_modules/ folder, with no regard whatsoever as to whether the dependency or sub-dependency is dev/prod only. Changing this to include a dev/prod check would require a rewrite of legally, to inspect your project's package.json and avoid obtaining licenses for dev dependencies, or their sub-dependencies (unless a sub-dependency is also referenced by a prod dependency). As you can see, this can get complicated fast.

The easiest way to achieve this, without modifying legally, is to simply create a new project directory and run npm install on all of your project's production dependencies only. Then, run tldrlegal in that directory instead. After obtaining the results, you can delete this directory.

Please let me know if this make sense.