Force ignore one dependency's dependency from being installed by npm/yarn

Asked 5/8, 2017 at 16:19 Answered 10/2 at 9:8

My nodejs project uses some libraries. One library pouchdb will try to install quite a lot of dependencies. There is one called leveldown, which will try to download Node.js header from Internet and then rebuild everything from scratch. Actually I don't need the leveldown at all. But their community suggest me to privately fork a pouchdb and the modify the package.json to exclude any dependency I don't need.

Here is my general question to npm/yarn folks. Is it possible to prevent particular library from being downloaded, while running npm install or yarn install?

Danged answered 5/8, 2017 at 16:19 Comment(0)

No, it's not possible to exclude a sub-dependency from the installation.

However, in your case, you don't need to privately fork pouchdb. PouchDB has custom builds published as npm packages: https://pouchdb.com/custom.html.

If you want to install pouchdb for use in-browser, npm install pouchdb-browser.

If you're using other storage adapters (like the in-memory adapter), you may want to npm install pouchdb-core instead. Note that pouchdb-core doesn't include some functions that ship with pouchdb.

If you need to use query() or viewCleanup(), you need to install pouchdb-mapreduce and pass it as a plugin.
If you need to use replicate() and sync(), you need to install pouchdb-replication and pass it as a plugin.

Example usage:

const PouchDB = require('pouchdb-core')
  .plugin(require(WHATEVER_STORAGE_ADAPTER_YOU_ARE_USING))
  .plugin(require('pouchdb-mapreduce'))
  .plugin(require('pouchdb-replication'));

Jedediah answered 5/8, 2017 at 17:23 Comment(1)

Thank you. This is a reasonable solution. The annoying thing is actually not exactly leveldown but node-gyp, it tries to download header files or current nodejs and then rebuild everything from scratch. But behind a corporate proxy, there will be some difficulties to download stuff from internet, especially when I easily upgrade nodejs (which means need to download corresponding header again) – Danged 5/8, 2017 at 18:45

-1

sure, it's totally possible, for yarn just add:

    "resolutions": {
        "leveldown": "npm:empty-npm-package",
        "other-package-to-exclude": "npm:empty-npm-package"
    }

there are plenty of poorly managed libraries in npm, yarn don't react to this yet, so solution above is a bit of a trick. Vote for stackoverflow question and github issue to bring yarn's and npm's attention to the problem and make a nice solution, e.g. "exclude-libraries": ["lib1", "lib2"]

(for those who prefer to stay with npm, you can use overrides instead of resolutions)

Carlenecarleton answered 10/2 at 9:8 Comment(2)

WARNING: This will replace it with npmjs.com/package/empty-npm-package, a package published by a random, unknown npm user. If at any time this user is compromised, you could be installing malware on your computer. It is far better to use something like "file:empty" where empty is a directory in your project with an empty package.json in it. – Jedediah 14/2 at 14:42

Furthermore, resolutions only works with yarn; npm has a different field: https://mcmap.net/q/142871/-npm-equivalent-of-yarn-resolutions – Jedediah 14/2 at 14:42

Recommended topics

Hot tags