Replies: 1 comment 2 replies
-
|
Hey 👋 The underlying assumption is that when using webpack, you will create a bundle of your app, including OpenPGP.js, and publish that (to npm, or on a website, etc). In that case, you only need OpenPGP.js in your devDependencies, because once you publish the bundle, installing the OpenPGP.js dependency is no longer necessary for your users (as it's already included in the bundle). If this assumption is not true for you, you can install it in the main dependencies, of course :) |
Beta Was this translation helpful? Give feedback.
-
|
@twiss I suppose you are describing the case when someone is creating a library on top of OpenPGP and it's still wrong because then it should belong to peerDependencies. But If someone is creating an application, then OpenPGP belongs to dependencies. Otherwise, everything could go to devDependencies. devDependencies are for dev tooling, not a deployment configuration. |
Beta Was this translation helpful? Give feedback.
-
|
Indeed everything can go under devDependencies, and it's not uncommon (though not universal either) to do so, see https://jsramblings.com/do-dependencies-devdependencies-matter-when-using-webpack/ for example. However, of course you're free to use a different approach. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
All reactions