I read about using the --save option here and and it says that it will add the installed package to your package.json file. But why isn't this automatic? Wouldn't you always want this?

My understanding is that the node_modules is the directory that actually holds the code of your package and package.json is the reference/list of all the packages you have installed so that when you push it up to a repo, you only push the latter up and not the former, to save space.

Then when other people clone or fork off your repo, they will have the package.json to reference and install all the necessary packages to work off of your project.

Thus, wouldn't you always want your packages to be in the package.json in order for everyone to get what is needed?

I read about using the --save option here and and it says that it will add the installed package to your package.json file. But why isn't this automatic? Wouldn't you always want this?

My understanding is that the node_modules is the directory that actually holds the code of your package and package.json is the reference/list of all the packages you have installed so that when you push it up to a repo, you only push the latter up and not the former, to save space.

Then when other people clone or fork off your repo, they will have the package.json to reference and install all the necessary packages to work off of your project.

Thus, wouldn't you always want your packages to be in the package.json in order for everyone to get what is needed?

• javascript
• node.js
• npm
• package.json

• 3 Maybe you're experimenting with a new module and don't know if you're going to keep it yet. – webbm Commented Apr 30, 2017 at 0:04
• @webbm so at that point you can just easily uninstall it right? – stackjlei Commented Apr 30, 2017 at 0:06
• 2 Tough to say why npm decided to do this, but the popular alternative yarn's add command does save dependencies by default. – Alexander O'Mara Commented Apr 30, 2017 at 0:07
• @stackjlei Yep, that'd be a simple example. Not sure about the actual decision that went into the design of the process of course. – webbm Commented Apr 30, 2017 at 0:07
• 1 Calls for speculation, but I will point out that you sometimes want to save to dev dependencies rather than dependencies and also you don't want to save for a global install. I realize there are ways around both, just making the observation – Paul Commented Apr 30, 2017 at 0:37

2 Answers 2

With package managers like Bower or npm, I think --save is not automatic for the following reasons:

1. Not all dependencies are production dependencies (see --save-dev).
2. Sometimes you need to test a package without altering your package.json.
3. You may prefer to install locally some packages that your colleagues installed globally on their computer.

Packages installed without --save are not considered as dependencies and are kept separate. You can detect them easily as extraneous packages with npm ls and remove them instantly with npm prune.

Now if you think extraneous packages are a bad thing, you can of course use --save everytime you install a new package. For practical reasons, be aware that you can use the -S shortcut instead of --save. Moreover, if you often forget to use the option, you could define an alias in your shell.

Finally, if you use Yarn, notice that the yarn add command will add each package as a dependency. No --save flag anymore.

To quote one of the npm maintainers:

In the last couple years, quite a bit has changed here, which renders parts of this issue moot: [...] It’s [...] easy enough to run npm config set save true as an end users. That said, there are still a number of rough spots when making --save the default:

• While the cognitive load of having to remember --save or --save-dev at install time is an irritating niggle, it does force you to choose at install time whether a package is a dependency or devDependency.
• Moving packages between sections in package.json is still a little more difficult than it should be, which makes cleaning up after things when you forget to specify that somethi[ng] is a devDependency. [...] I don’t think it’s in the best interests, as a result, to opt everyone into saving everything by default.

(from https://github.com/npm/npm/issues/5108)