Closed JonDum closed 8 years ago
Hi,
Thanks for the PR. I think dev deps are important and I'm glad you thought about adding them. But, I don't think they should be off by default. These reports are sometimes used in preparation of legal documents and I'd hate for someone to miss on a dev dep with a wrong license just because of a flag.
What do you think?
These reports are sometimes used in preparation of legal documents
That's exactly what I'm doing right now for a Fortune 50 company :) They don't care about devDeps because they are not added to built code, just used in building code (if the user uses dev/deps correctly!).
I can see both sides of the argument though. Maybe --only? NPM also has an --only flag
The --only={prod[uction]|dev[elopment]} argument will cause either only devDependencies or only non-devDependencies to be installed regardless of the NODE_ENV.
If config.only is undefined, it'll output everything, so no breaking change.
I believe that in this case it is better to include packages in the report that might be removed later than the opposite. So as a default it's a "safer" option. One could always remove a certain category of packages by using the negation version of one of the flags you suggested.
Ok done.
Will publish to npm later today
:+1:
also make devDeps output false by default
Definite use case for only outputting things from 'deps' since those often end up in outputted code. I made it default because that's how npm works by default — npm only installs devDeps if you pass the --dev flag or have the equivalent config.
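The --only behaviour settled on in this thread, sketched as an added example that is not the project's own code: an undefined value reports everything, prod[uction] or dev[elopment] narrows the report, and an unrecognised value is rejected rather than silently shrinking a report that may feed a legal review. The function name `selectDependencies` and the sample manifest are assumptions made for illustration.

```javascript
// Added example, not the project's code. `selectDependencies` and the sample
// manifest are hypothetical; only the --only values come from the thread.
const ONLY_ALIASES = new Map([
  ['prod', 'dependencies'],
  ['production', 'dependencies'],
  ['dev', 'devDependencies'],
  ['development', 'devDependencies'],
]);

function selectDependencies(pkg, only) {
  // Default (only === undefined): report both sections, so nothing is missed.
  let sections = ['dependencies', 'devDependencies'];
  if (only !== undefined) {
    const section = ONLY_ALIASES.get(String(only).toLowerCase());
    if (!section) {
      // Fail loudly: a typo must not quietly drop a category from the report.
      throw new Error(`unknown --only value: ${only}`);
    }
    sections = [section];
  }
  const rows = [];
  for (const section of sections) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      rows.push({ name, range, section });
    }
  }
  return rows;
}

// Constructed sample manifest (package names are made up).
const samplePkg = {
  dependencies: { 'example-runtime-lib': '^1.3.0' },
  devDependencies: {
    'example-test-runner': '^10.0.0',
    'example-linter': '^8.0.0',
  },
};

console.log(selectDependencies(samplePkg));         // both sections
console.log(selectDependencies(samplePkg, 'prod')); // runtime deps only
```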