When I run npm install it creates package-lock.json. The module I'm interested in is ssri. Searching by string "ssri" within package-lock.json gives 12 matches. This module is referenced from both react-scripts and @storybook. In some places it has dev: true and in some - no.
And then if I rm -rf node_modules and run NODE_ENV=production npm ci --only=production node_modules will be created with ssri folder in it.
Is it something with npm or my understanding is no clear?
Is there an existing issue for this?
Current Behavior
I have a project with following package.json:
When I run
npm install
it creates package-lock.json. The module I'm interested in is ssri. Searching by string "ssri" within package-lock.json gives 12 matches. This module is referenced from both react-scripts and @storybook. In some places it hasdev: true
and in some - no.And then if I rm -rf node_modules and run
NODE_ENV=production npm ci --only=production
node_modules will be created with ssri folder in it.Is it something with npm or my understanding is no clear?
Expected Behavior
ssri folder will not appear in node_modules
Steps To Reproduce
package.json
file from above.npm install
to generate lock file.NODE_ENV=production npm ci --only=production
.Environment