From aaf6ff84692b5da4abf072d961e752adc05bd84b Mon Sep 17 00:00:00 2001 From: Bret Comnes Date: Tue, 19 Feb 2019 17:01:03 -0800 Subject: [PATCH] Revert "prune: Fix bug where prune --production would remove dev deps from the lock file" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This breaks the ability to (easily) create a shrinkwrap file that does not include devDeps. The current behavior of a package published with a shrinkwrap file that includes devDeps is that the devDeps get installed when the package is installed globally. The only way around this was to `prune --prod` during prepack to generate a shrinkwrap without devDeps and publish with that. After this change, `prune --prod` no longer modifies the shrinkwrap file to remove devDeps. The situation is already looking like a hack but: - Perhaps a shrink wrapped package should not install devDeps when installed as a dependency or global package (this seems the most correct and implied behavior described in https://docs.npmjs.com/files/shrinkwrap.json) - Perhaps running `npm shrinkwrap --prod` should remove the devDeps from the lock file (without pruning node_modules so its faster and can be restored by shrink-wrapping without the flag). Easier than above, but still possibly in hacksvill. I would propose we revert this change so that this avenue isn’t broken, until the primary issue is resolved. This reverts commit cec5be5427f7f5106a905de8630e1243e9b36ef4. --- lib/prune.js | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/prune.js b/lib/prune.js index 010e471e4b328..8d642e5b27928 100644 --- a/lib/prune.js +++ b/lib/prune.js @@ -65,4 +65,3 @@ Pruner.prototype.loadAllDepsIntoIdealTree = function (cb) { Pruner.prototype.runPreinstallTopLevelLifecycles = function (cb) { cb() } Pruner.prototype.runPostinstallTopLevelLifecycles = function (cb) { cb() } -Pruner.prototype.saveToDependencies = function (cb) { cb() }