npm install installs devDependencies, npm update does not #2369

Closed
joewhite opened this Issue Apr 14, 2012 · 31 comments


If I run npm install (no package name) on a directory containing a package.json, then npm installs all of the dependencies (direct and indirect) and devDependencies (one layer deep). This is great -- I can clone a module's Git repository, run npm install, and start hacking on it, running its tests, etc.

However, if I run npm update on that same directory, npm only updates the dependencies. It does not update the devDependencies.

These operations should be consistent with each other. If npm install (no package name) installs the devDependencies, then npm update (no package name) should upgrade those devDependencies.

joewhite Apr 15, 2012

npm outdated (no package name) should also include devDependencies.


freewil May 11, 2012

It was my understanding that before npm install simply installed the dependencies, if you included the -d flag it would also install the devDependencies


joewhite May 11, 2012

@freewil The docs don't seem to explain this feature, but npm install (no arguments) definitely does install the devDependencies. You can test it: just create a new directory somewhere, create a file called package.json with the following contents, open a command prompt to that directory, and npm install. It will install both minimatch (from dependencies) and expect.js (from devDependencies).

{
  "name": "test",
  "version": "0.0.0",
  "dependencies": {
    "minimatch": "*"
  },
  "devDependencies": {
    "expect.js": "*"
  }
}


freewil May 11, 2012

I'm seeing that behavior too. I also didn't see anything about -d in the manpages so I'm wondering if:

  1. I was thinking of another command
  2. the behavior changed
  3. this is a bug

Anyway, I'm setting up a production environment and I wanted to disable the installation of devDependencies by npm install, so I did npm config -g set production true


aseemk May 11, 2012

To not install dev dependencies, you can simplify the command to npm install --production. This is in fact what Heroku does. Just FYI.

+1 to the original request -- have run into this too.


exortech Aug 2, 2012

This is quite annoying as it entails running both an npm install and an npm update to get the latest version of installed dependencies as well as any new dev dependencies. It would be nice if npm update's behaviour was consistent with npm install. Or is there a better way to do this? Any timeline on fixing this?


mridgway Aug 8, 2012

+1, seems inconsistent.


FabianFrank Aug 31, 2012

+1, they should be consistent


aseemk Oct 2, 2012

Ran into this again; can I +1 again? =)


isaacs Oct 3, 2012

Owner

+1


Krinkle Oct 3, 2012

+1 for consistency

  • npm install (with either --dev to include devDependencies if not by default, or --production if it is by default)
  • npm update (the same)

I'd prefer it not be included by default, though for compatibility we might not want to change that.


glaszig Oct 19, 2012

👍
npm install should not implicitly install devDependencies by default.
make it explicit via --dev or --development or even configurable (i.e. env NODE_ENV=development).


gabipetrovay Oct 24, 2012

+1 @Krinkle
and as @exortech asked: any timeline for this?

Thanks!


EhevuTov Oct 24, 2012

@gabipetrovay I'm guessing the general understanding is that since this is open-source and not a low-hanging fruit issue (I'd rather see progress on the streams re-work), someone/anyone should/could start coding for this issue.


wilmoore Nov 8, 2012

Contributor

+1 NODE_ENV=...

#################################################
# environment
#################################################

BINDIR        :=  $(CURDIR)/node_modules/.bin
SRCDIR        :=  $(CURDIR)/src
ENV           ?=  development
NODE_ENV      :=  $(ENV)

jokesterfr Nov 13, 2012

totally agree with @glaszig


nesk Dec 2, 2012

glaszig Dec 3, 2012

oookay. i was just skimming through the code and found the following conditions upon which devDependencies will be installed:

  • --dev on the command line (--no-dev to opt out)
  • --no-production on the command line

see cf80c93. (i guess both options can be set in a config file somewhere as well.)

  • --dev appears to be the default implicitly because NODE_ENV will generally be empty (unless i have set it) which results in process.env.NODE_ENV === "production" being false

see npmconf/config-defs.js.

my conclusion is that, unless NODE_ENV is set to production and dev is false (via config or --no-dev), the development dependencies will be installed.
somehow this appears to be logical since we should have NODE_ENV set to production on our servers leading to dev packages not being installed which, in the end, is what we intended, right?
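
Added example, not part of glaszig's comment and not npm's code: a check that a deployed tree really contains no development packages, the outcome the comment above expects from NODE_ENV=production. It walks the installed package.json files starting from dependencies and optionalDependencies and reports top-level node_modules entries that nothing in that set reaches; findNonProductionPackages, the fixture builder and the example-transitive package are names made up for this example.

```javascript
// Added example, not npm's code: top-level packages that production deps do not reach.
const fs = require("fs"), os = require("os"), path = require("path");

function readManifest(dir) {
  try { return JSON.parse(fs.readFileSync(path.join(dir, "package.json"), "utf8")); }
  catch (err) { return null; } // nothing installed at this location
}

// Node-style lookup: nearest node_modules/<name>, walking up to rootDir.
function resolveInstalled(name, fromDir, rootDir) {
  for (let dir = fromDir; ; dir = path.dirname(dir)) {
    const candidate = path.join(dir, "node_modules", name);
    if (readManifest(candidate)) return candidate;
    if (dir === rootDir || dir === path.dirname(dir)) return null;
  }
}

function findNonProductionPackages(rootDir) {
  rootDir = path.resolve(rootDir);
  const needed = new Set();
  const queue = [rootDir];
  while (queue.length > 0) {
    const dir = queue.pop();
    const m = readManifest(dir) || {};
    for (const name of Object.keys({ ...m.dependencies, ...m.optionalDependencies })) {
      const found = resolveInstalled(name, dir, rootDir);
      if (found && !needed.has(found)) { needed.add(found); queue.push(found); }
    }
  }
  const top = path.join(rootDir, "node_modules");
  const names = [];
  for (const entry of fs.existsSync(top) ? fs.readdirSync(top) : []) {
    if (entry.startsWith(".")) continue; // skip .bin and similar
    if (!entry.startsWith("@")) { names.push(entry); continue; }
    for (const sub of fs.readdirSync(path.join(top, entry))) names.push(`${entry}/${sub}`);
  }
  return names.filter((n) => !needed.has(path.join(top, n))).sort();
}

// Constructed fixture: the package.json from this thread plus stub installs.
function buildConstructedTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "devdeps-"));
  const put = (dir, manifest) => {
    fs.mkdirSync(path.join(root, dir), { recursive: true });
    fs.writeFileSync(path.join(root, dir, "package.json"), JSON.stringify(manifest));
  };
  put(".", { name: "test", version: "0.0.0",
    dependencies: { minimatch: "*" }, devDependencies: { "expect.js": "*" } });
  put("node_modules/minimatch", { dependencies: { "example-transitive": "*" } });
  put("node_modules/example-transitive", {}); // hypothetical transitive dependency
  put("node_modules/expect.js", {});
  return root;
}
console.log(findNonProductionPackages(buildConstructedTree())); // [ 'expect.js' ]
```

Run against a real deployment directory, an empty result means only production-reachable packages are installed at the top level.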

sindresorhus Feb 11, 2013

Multiple people have expressed desire for not having npm install install devDependencies by default, but I'm still to hear an actual argument for why. I would say, make it easy for the developer, not the production server. When do you not want to install eg Mocha when cloning a lib or in your own project?

But I guess that's irrelevant, since it's not going to change for compat reasons anyway.


ralt Mar 9, 2013

Contributor

The code change should be here (it's then called here). Should we add a --production flag for npm update too though?

Whether npm install should require --dev to install devDependencies should be in another issue, shouldn't it? This issue is about being consistent with npm install afaic.


nickleefly Apr 5, 2013

Since it's devDependencies, it doesn't require to be installed in production.

It would be nice if we can use npm update -d locally.


natevw May 30, 2013

This is still frustrating — I never remember and still naïvely use npm update as if it were useful. Just spent another session headscratching between two developers why when both were "up to date" results weren't matching.

Hope the patch can be landed soon. In the meantime, I find the most simple, reliable, and memorable workaround for getting an "update" to update what's installed is to:

rm -r node_modules
npm install


justmoon added a commit to ripple/ripple-client that referenced this issue Jun 18, 2013

ahbeng added a commit to ahbeng/sgp.si that referenced this issue Jul 21, 2013

@haphut haphut referenced this issue in HSLdevcom/navigator-proto Aug 7, 2013

Closed

Allow higher dependency versions than earlier. #22

hachi Aug 20, 2013

This is a serious bug or missing feature in npm that is affecting my engineers at work. We end up having to blow away node_modules to work around this, which is taking several minutes to rebuild for each user... we also are using up bandwidth for the registry and all the package mirrors rebuilding these trees.

If npm is unable to work around this idea, why does npm not simply blow away the node_modules tree whenever an upgrade is requested, rather than doing the wrong thing?


jokesterfr Aug 21, 2013

@hachi about bandwidth issue (and only): npm_lazy


domenic Sep 8, 2013

Member

Fixed by #3863.


timoxley Jan 8, 2014

Member

Related #4438


ruanyl pushed a commit to ruanyl/navigator-proto-local that referenced this issue Apr 19, 2014

Allow higher dependency versions than earlier.
Especially grunt-contrib-coffee 0.7.0 changed source map support but the
version was not allowed by our earlier requirements. The requirements
are now changed so that only the major version of a dependency is not
allowed to change.

At this point of the project it might be sensible to keep changing our
code to match any significant changes in the dependencies instead of
freezing on some unsupported version 0.1.2, for example.

To facilitate updating dependencies, the list has been moved from
devDependencies to dependencies because of a bug/feature in npm update:
npm/npm#2369
hughperkins Mar 6, 2015

eg, I want to install ng-storage, which is a 1.2k file, but trying to install it means it loads in grunt and all sorts of stuff, going up to 60MB or so. I only want to add ng-storage.min.js to my project, not do development on the ng-storage component itself.

For now, my workaround is to use bower instead for this, since it only pulls in 56k of files, but using bower, in an npm project, has its own issues too...


@mscappini mscappini referenced this issue in optbot/template Apr 15, 2015

Merged

Marshall #1

dcrockwell Feb 25, 2016

How is --production handled in npm v2?


ogbaoghene May 11, 2016

@domenic sorry to pull you back but struggling with this. What's the command to update outdated devDependencies? Tried npm update -d with both --save-dev and --save, all to no avail. Thanks.


chrisnicola Jun 22, 2016

@ogbaoghene there doesn't seem to be one. In fact there doesn't appear to be any way to save updates to devDependencies from npm update.

It amazes me that the only option to properly update package.json entries is by manually editing the file. Or am I missing something?


ogbaoghene Jun 26, 2016

@chrisnicola I didn't want to believe that was the case, especially with the issue closed and reported as fixed.
