Skip to content

[BUG] npm ci ignores --production flag and always installs devDependencies.Β #2017

New issue
New issue
Closed
Closed
[BUG] npm ci ignores --production flag and always installs devDependencies.#2017
Labels
Bugthing that needs fixingRelease 7.xwork is associated with a specific npm 7 release
Milestone
OSS - Sprint 19
@zenwarr

Description

@zenwarr
zenwarr
opened on Oct 22, 2020

Current Behavior:

npm ci --production installs dependencies marked as dev in package-lock.json.

Expected Behavior:

I expect npm ci to not install any packages marked as dev in lockfile.
npm 6 behaves as expected and installs only production dependencies with --production flag.
In example below, I expect @types/yargs to not be installed for production.

Steps To Reproduce:

npm init -y
npm i yargs && npm i -D @types/yargs

npm ci
ls node_modules

npm ci --production
ls node_modules

Expected output (npm 6.14.8)

$ npm ci
npm WARN prepare removing existing node_modules/ before installation
added 18 packages in 0.295s
$ ls node_modules
ansi-regex   cliui          color-name   escalade         is-fullwidth-code-point  string-width  @types     y18n   yargs-parser
ansi-styles  color-convert  emoji-regex  get-caller-file  require-directory        strip-ansi    wrap-ansi  yargs
$ npm ci --production
npm WARN prepare removing existing node_modules/ before installation
added 16 packages in 0.263s
$ ls node_modules
ansi-regex   cliui          color-name   escalade         is-fullwidth-code-point  string-width  wrap-ansi  yargs
ansi-styles  color-convert  emoji-regex  get-caller-file  require-directory        strip-ansi    y18n       yargs-parser

Actual output (npm 7.0.3)

$ npm ci
added 18 packages, and audited 18 packages in 846ms

2 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
$ ls node_modules
ansi-regex   cliui          color-name   escalade         is-fullwidth-code-point  string-width  @types     y18n   yargs-parser
ansi-styles  color-convert  emoji-regex  get-caller-file  require-directory        strip-ansi    wrap-ansi  yargs
$ npm ci --production

added 18 packages, and audited 18 packages in 821ms

2 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
$ ls node_modules
ansi-regex   cliui          color-name   escalade         is-fullwidth-code-point  string-width  @types     y18n   yargs-parser
ansi-styles  color-convert  emoji-regex  get-caller-file  require-directory        strip-ansi    wrap-ansi  yargs

Environment:

  • OS: Ubuntu 20.04
  • Node: 12.9.1
  • npm: 7.0.3
  • NODE_ENV is empty

Metadata

Metadata

Assignees

No one assigned

    Labels

    Bugthing that needs fixingRelease 7.xwork is associated with a specific npm 7 release

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions