Are currently 280 dependencies required to use angular2?

244 views Asked by At

I am doing the ng2 getting started tutorial, described here: that currently consist only of a default package.json on which I do a npm install

The package.json references only two dev dependencies, all others are first or second level dependencies required for angular.

Now my node_modules has a total count of 280 packages with 10.648 files and 986 directories.

I might be late to the game, but can I condense or deploy the total minimum set of those deps when deploying? And I don't mean minification.

Is everybody else simply dumping ~11k of additional files to a web server to display some 6 file large angular app? Also casually ignoring about 280 licenses?

What's about all those licences? How can I actually be sure that I don't violate any licence terms without checking each of those 280 packages? There are scenarios where in a corporate environment licence validation is absolutely crucial to be able to use something.

I mean there is a sub package, whose copyright is held by Walmart, called hoek

This is not a rant, I do want to use angular but I also don't want to be held liable for possible licence violations by pushing all those node modules.

1

There are 1 answers

1
Duncan On BEST ANSWER

Most of those packages come from the development dependencies. When you deploy on an actual server you want to run npm install --production and then you'll see the list of packages installed is very much shorter:

PS C:\play\angular-quickstart> npm install --dry-run --production
[email protected] C:\play\angular-quickstart
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
| `-- [email protected]
`-- [email protected]

npm WARN [email protected] No description
npm WARN [email protected] No repository field.

If you review the equivalent output for the default npm install command you'll see that almost all of the packages are listed as dependencies of lite-server which is the web server you use for testing. In production you'll want to be using a real web server so you don't need any of those packages.