> You’re looking at the number of dependents. The React package has no dependenc...

nicoburns · 2026-01-06T00:55:36 1767660936

> As far as I know, these 100+ dev dependencies are installed by default.

devDependencies should only be installed if you're developing the React library itself. They won't be installed if you just depend on React.

ashishb · 2026-01-06T01:35:48 1767663348

> They won't be installed if you just depend on React.

Please correct me if I am wrong, here's my understanding.

"npm install installs both dependencies and dev-dependencies unless NODE_ENV is set to production."

sponnath · 2026-01-06T01:42:53 1767663773

It does not recursively install dev-dependencies.

ashishb · 2026-01-06T02:11:52 1767665512

> It does not recursively install dev-dependencies.

So, these ~100 [direct] dev dependencies are installed by anyone who does `npm install react`, right?

frio · 2026-01-06T02:17:52 1767665872

No. They’re only installed if you git clone react and npm install inside your clone.

They are only installed for the topmost package (the one you are working on), npm does not recurse through all your dependencies and install their devDependencies.

SkiFire13 · 2026-01-06T13:35:48 1767706548

> ~100 [direct]

When you do `npm install react` the direct dependency is `react`. All of react's dependencies are indirect.

rafram · 2026-01-06T15:54:33 1767714873

Run `npm install react` and see how many packages it says it added. (One.)

remexre · 2026-01-06T15:01:59 1767711719

If you're trying to audit React, don't you either need to audit its build artifacts rather than its source, or audit those dev dependencies too?

timcobb · 2026-01-06T02:18:43 1767665923

> And do what?

Keep on keepin on