I am doing the ng2 getting started tutorial, described here: that currently consist only of a default package.json on which I do a npm install
The package.json references only two dev dependencies, all others are first or second level dependencies required for angular.
Now my node_modules has a total count of 280 packages with 10.648 files and 986 directories.
I might be late to the game, but can I condense or deploy the total minimum set of those deps when deploying? And I don't mean minification.
Is everybody else simply dumping ~11k of additional files to a web server to display some 6 file large angular app? Also casually ignoring about 280 licenses?
What's about all those licences? How can I actually be sure that I don't violate any licence terms without checking each of those 280 packages? There are scenarios where in a corporate environment licence validation is absolutely crucial to be able to use something.
I mean there is a sub package, whose copyright is held by Walmart, called hoek
This is not a rant, I do want to use angular but I also don't want to be held liable for possible licence violations by pushing all those node modules.
Most of those packages come from the development dependencies. When you deploy on an actual server you want to run
npm install --production
and then you'll see the list of packages installed is very much shorter:If you review the equivalent output for the default
npm install
command you'll see that almost all of the packages are listed as dependencies oflite-server
which is the web server you use for testing. In production you'll want to be using a real web server so you don't need any of those packages.