To the node pro this post will not surprise.
TLDR; If NODE_ENV is set to production npm install and npm ci commands won’t install developer dependencies without passing --include=dev (-–also=dev for npm older than v7).
Why would you install developer dependencies in a Production environment? Agree, 100%. However, we do, gulp in particular. Not that I’m happy about it either.
This functionality isn’t hidden but it is interesting how the instructions returned when we tried to use a developer dependency (gulp) ended up throwing the team for a loop and a few wasted cycles.
Story Time
It’s the age ole story of unwritten knowledge within the company, lack of expertise and lack of keeping things up to date.
For us, it all started about seven years back during an ITS merger. The merger brought several disparate development teams into one and those teams used different development stacks (Java, Node, .Net). The team members from those teams continued to maintain the apps until there were no more staff from those teams left. Some apps were retired, some were rewritten to the chosen platform (.Net), some remained entombed in times gone by. We did a fairly good job with documentation and even had recorded trainings from the staff leaving.
Several years went by, apps happily running, a few glitches here and there with failures that we rectified through normal operational tasks. I’m a node newb and so are my fellow team members who had the task of updating one of these node applications. The process to update the node app is not what I would consider modern. There is no CI/CD chain.
The process to update the application on the server(s) was:
1. git pull to get the latest code.
2. npm ci
3. gulp to do all the needed minifying, bundling, copying, etc.
The typical local development machine steps or on a build server. We happily updated the code needed and dutifully followed the process laid out on our development and test servers. We moved to the production systems and when we ran the gulp step we got:
Local gulp not found in
Try running: npm install gulp
Scratching our heads, we compared dev/test and prod environments. All seemed properly aligned. We poured over our docs again not finding anything. So we ran `npm install gulp` and we got: updated 1 package in 26.605s
To our surprise when we manually ran our `gulp` command we still got: Local gulp not found in application folder Try running: npm install gulp
So after more research and not finding anything we tried a force install. No change. We could see that gulp wasn’t in the node_modules folder.
The Aha Moment
We found in the npm-ci docs in the omit parameter section the following two pieces of information.
“The default state is to omit developer dependencies when NODE_ENV is set to production.” Makes sense except it’s telling us it updated gulp?
“Note that these dependencies are still resolved and added to the package-lock.json
or npm-shrinkwrap.json
file. They are just not physically installed on disk.”
Totally not what we would expect to occur. Long story short, it resolved and updated the package-lock.json file but didn’t actually install.
To install developer dependencies when in production mode pass `—include=dev` ( `-–also=dev` for npm older than v7) to have it REALLY install your developer dependencies to disk.
Learn More
https://docs.npmjs.com/cli/v9/commands/npm-ci#omit
https://worknme.wordpress.com/2021/12/19/how-to-install-dev-dependencies-in-node-env-production/