I am participating in building a webapp that used to use node-sass. We migrated to sass in the meantime but we have still node-sass in our package-lock.json. I want to fix that.
In the beginning, we had something like this
$ npm ls node-sass
[email protected] /home/private/Documents/Projekte/nextcloud-apps/nextcloud-app-dev/volumes/custom_apps/cookbook
├── [email protected]
└─┬ [email protected]
└── [email protected] deduped
OK, lets remove the dependency by calling npm uninstall node-sass. The result is
$ npm ls node-sass
[email protected] /home/private/Documents/Projekte/nextcloud-apps/nextcloud-app-dev/volumes/custom_apps/cookbook
└─┬ [email protected]
└── [email protected]
I do not get the reason, why sass-loader is still depending on node-sass. OK, let's have a closer look:
$ npm why node-sass
[email protected] optional peer
node_modules/node-sass
peerOptional node-sass@"^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" from [email protected]
node_modules/sass-loader
sass-loader@"^13.0.2" from the root project
peer sass-loader@"^13.0.1" from @nextcloud/[email protected]
node_modules/@nextcloud/webpack-vue-config
dev @nextcloud/webpack-vue-config@"^5.0.0" from the root project
Now I am a bit surprised. The package node-sass is only installed as a peer dependency. So, why is it installed at all? I thought the idea of peer dependencies is to allow for the root project to select the version in use.
Also, it is only optional. So, it should be able to remove it (eventually there might be a warning during removal but nothing serious).
I am not working on the @nextcloud/webpack-vue-config package. It is a mere dev dependency of the webapp. So, NPM should not install the node-sass as a dev dependency on any of my dependencies.
How can I remove the node-sass package from my project's package-lock.json? It is still anchored in the package-lock.json and thus installed on each build.
I could use the --no-optional CLI option of npm to skip over all optional dependencies. I do not want to do that. The "problem" with this is that the GitHub dependency checker will not consider the node-sass module as skipped and continue complaining. Also, other optional dependencies might be skipped as well, although we would like to have them.