Explore key distinctions between dependencies and devDependencies within package.json and understand how these configurations affect different environments. This quiz will help reinforce your knowledge of package management essentials and best practices.
Which field in package.json should be used to specify packages required for running the application in production?
Explanation: The 'dependencies' field is intended for packages your application needs in order to function during runtime, especially in production. 'devDependencies' are only required during development phases such as testing or building. 'peerDependencies' signal compatible package versions but are resolved by the consuming project, not directly installed. 'optionalDependencies' are similar to 'dependencies', except that a failure to install one of them does not cause the overall installation to fail.
If a package is listed under devDependencies and not under dependencies, what happens when the application is deployed to a production environment using standard install commands?
Explanation: Packages under devDependencies are usually omitted during production installs unless explicitly requested, helping to keep production builds lean and secure. They do not appear in peerDependencies unless specified, and omission does not cause errors. The package will not always be installed; only dependencies get automatic production installs.
A developer needs a testing framework that is only used during development to run tests. In package.json, where should this framework be specified?
Explanation: Tools and frameworks required only for development—such as for testing, formatting, or transpiling—belong in devDependencies to avoid unnecessary installation in production. Placing them in dependencies would include them in production builds, which is inefficient. optionalDependencies are used for packages that are not crucial, while bundledDependencies relate to packaging, not environment restriction.
Which command flag should be used to install a package as a devDependency so it is not included in production builds?
Explanation: The --save-dev flag ensures the installed package is added to devDependencies, preventing it from being installed during production deployments. Using --save adds it to dependencies, making it present in all environments. The --global flag installs packages globally and outside project scope, while --no-save installs without updating package.json at all.
Why is it important to regularly review both dependencies and devDependencies sections in package.json?
Explanation: Regular audits of dependencies and devDependencies help remove outdated or unused packages that could be exploited or that bloat the project. Making all packages global is unnecessary and can cause version conflicts. Limiting development to only optional dependencies is incorrect, and increasing installation count does not benefit security or performance.