When adding a dependency on express-jwt, I expected all TypeScript @types dependencies to remain in the devDependencies. Instead, I see several @types dependencies showing up in production dependences. The @types should typically be used at compile-time only.
Reproduction
Add express-jwt to an existing TypeScript project's project.json as a (production/non-dev) dependency and @types/jsonwebtoken as a dev dependency.
npm install
git diff will show that several @types, including @types/jsonwebtoken have their "dev": true flags removed and therefore these packages show up in the production distribution.
Environment
Please provide the following:
Version of this library used: "express-jwt": 8.4.1
Version of the platform or framework used, if applicable:: npm 8.19.3
Other relevant versions (language, server software, OS, browser): node v18.13.0 GNU/Linux
Other modules/plugins/libraries that might be involved: jwks-rsa 3.0.1
Description
When adding a dependency on
express-jwt, I expected all TypeScript@typesdependencies to remain in the devDependencies. Instead, I see several@typesdependencies showing up in production dependences. The@typesshould typically be used at compile-time only.Reproduction
express-jwtto an existing TypeScript project'sproject.jsonas a (production/non-dev) dependency and@types/jsonwebtokenas a dev dependency.npm installgit diffwill show that several@types, including@types/jsonwebtokenhave their"dev": trueflags removed and therefore these packages show up in the production distribution.Environment