Separate Source and Distribution

[Martinspire]

One thing i've noticed about NPM for a while now, is that the dependencies you include, also come with source files and not only the distribution. By Source i mean the original source files an by distribution i mean the compiled, combined result that is the result of the dependency.

Now i know how NPM works and what it stands for, but i feel that currently projects and dependencies tend to get very large because of this. If you for instance install MEAN.io you end up with a folder of 170mb! And thats without even touching any code. It also takes a few minutes to install, which also seems like a weird thing (as NPM itself is pretty fast).

So wouldn't it be great if you could state what is and what isn't required for distribution (as a dependency). So most modules would probably end up with a /dist/ folder they want to use and a /src/ folder for the development of the module itself. And by default people would be using the minimalistic files, but by a --development tag or something you could get the source too. Of course modules without any config would return everything to keep them from breaking.

I feel that this is an optimization that should have been part of NPM for a while now but it seems that there isn't much attention for keeping installation times low or downloads small. Now of course my solution might not suit all projects and perhaps we need some more brainstorming, but i do feel we should do some optimization, because not every developer is going to collaborate for everything and NPM would benefit too because it would need to serve less files.

[kenany]

So wouldn't it be great if you could state what is and what isn't required for distribution

Package authors can already do this with the .npmignore file (blacklist) and "files" field (whitelist).

[othiym23]

This has been requested a few times now, most recently in #6544. npm's philosophy (and @isaacs's and my preference) is to make installed packages usable by developers without forcing them to do extra work. I don't know about you, but I take advantage of this all the time, and it's a pretty heavily integrated part of my workflow.

It's up to packagers to decide what makes sense to include in their published packages. files, bundledDependencies, and .npmignore provide tools that packagers can take advantage of if they choose, but it's the packager's job to figure out what does and doesn't belong in the published package, not npm. Yes, this is a subjective call, but it's one that's worked pretty well for the larger community thus far, in my judgment.

Closing as duplicate of #6544.