npm install –production and npm ci –production is installing devDependencies

  docker, node.js, npm

I’m playing with pretty much a clean create-react-app project and containerizing it in a multi-stage Docker build.

This is what I have for the Dockerfile so far:

# creating a node base
FROM node:16-slim as node-base
ENV CI=true

# builder-base is used to build dependencies
FROM node-base as builder-base
ENV NODE_ENV=production
COPY ./package-lock.json ./package.json ./
RUN npm install --production
# RUN npm ci --production

Regardless of whether npm install --production or npm ci --production is used, when I run the image with docker run -it <image_id> bash and look in node_modules, I see devDependencies like jest and eslint.

I’ve verified that in both the ./package-lock.json and ./package.json that these dependencies are indeed under devDependencies:

# package.json
{
  "name": "client",
  "version": "0.1.0",
  "private": true,
  "dependencies": {
    "react": "^17.0.1",
    "react-dom": "^17.0.1",
    "react-scripts": "4.0.0",
    "web-vitals": "^0.2.4"
  },
  "devDependencies": {
    "@testing-library/jest-dom": "^5.11.6",
    "@testing-library/react": "^11.2.2",
    "@testing-library/user-event": "^12.2.2"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
  },
  "eslintConfig": {
    "extends": [
      "react-app",
      "react-app/jest"
    ]
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  }
}
# package-lock.json
{  
  "name": "client",
  "version": "0.1.0",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "client",
      "version": "0.1.0",
      "dependencies": {
        "react": "^17.0.1",
        "react-dom": "^17.0.1",
        "react-scripts": "4.0.0",
        "web-vitals": "^0.2.4"
      },
      "devDependencies": {
        "@testing-library/jest-dom": "^5.11.6",
        "@testing-library/react": "^11.2.2",
        "@testing-library/user-event": "^12.2.2"
      }
    },
....
}

Any ideas what is causing this and how to prevent it from happening?

Source: Docker Questions

LEAVE A COMMENT