metaist
commented
1 month ago https://www.reddit.com/r/Frontend/comments/fhgdd8/comment/fkbbtd7/
Why am I pointing this out? Because adding an actual dependency to my code is something I take very seriously. Importing lodash or react or whatever is a serious decision that I feel should be taken with extreme caution. Dependencies can lead to bloated code, exploits and bugs that are out of your control. If everything is on "devDependencies" or "dependencies", it's really hard to see how many of these dangerous imports a project has.
I tend to make it a personal goal to have as few dependencies as possible, but I couldn't care less for devDependencies.
Every package bundler ends up putting their dev dependencies somewhere else that's non-standard. My policy is to put things you need for development into an optional group called
devso that it's clear what purpose it serves. This is a convention, but at least it conforms to the standard.