Is it right to think that all dependencies in a React-webpack web app package.json are dev dependencies?

Question

I have a React-webpack web app (client side only - no API server) and was tidying up the package.json file and it occurred to me that all of the dependencies are dev dependencies as you do not run the React web app in production - you build it and distribute the built files.

Is this right?

Answer 1

React and possibly ReactDOM would be dependencies. Any additional libraries you're using that appear on the page would also be dependencies (example: react-autosuggest). Everything else would generally be a devDependency.

There's no great consensus on this yet (see this webpack issue, for instance). Some folks want to do everything as a dependency, others as a devDependency, I'm sure you could make a case for bundled dependencies, etc. The solution I outlined above is a best practice that seems to work well. For example, if you're using a version range on a package, you likely wouldn't care about minor/patch version change to webpack, eslint, karma, mocha, etc. You'd most certainly care about even a patch level change to something like react, so it gets separated out into a much shorter dependency list. (Looking at one project, there seems to be a 4-5x difference between dependency and devDependency. It's much easier to spot the meaningful changes if you corral them into the dependency tree.)

Related: yarn takes the approach I outlined above.