pnpm: When installing only prod deps, don't download dev deps

Can we (after 3 years) at least avoid erroring out when devDependencies can’t be found?

At this step “node_modules/.pnpm” contains dev-dependencies, which I did not expect.

That is because pnpm doesn’t always clean the cache at node_modules/.pnpm. You can use this setting to control it: https://pnpm.io/npmrc#modules-cache-max-age The pnpm prune should also work for removing cache.

If the output of ls speaks to how pnpm install --prod

No, that seems like a bug in pnpm ls

if this is of interest to others

Seems like legitimate issues that should be fixed.

FWIW I do something like this now to bypass the issue:

for p in $(pnpm --recursive --parallel exec pwd); do
  cat "$p/package.json" | jq 'del(.devDependencies)' >"$p/~package.json"
  mv "$p/~package.json" "$p/package.json"
done
pnpm exec make-dedicated-lockfile
# ↑ We think pnpm has a bug where it includes **local** dev-dependencies despite the "--prod" flag.
# See https://github.com/pnpm/pnpm/issues/881#issuecomment-922804898 for details.
# To get around this we remove devDependencies from local package.json and update the lock file.

rm -rf node_modules
find ./packages -name "node_modules" -type d -prune -exec rm -rf '{}' +

pnpm install --frozen-lockfile --prod "$filterArg"

Partially. The issue (as described in #2411, but this one actually seems to be the root cause in our case) is that we have a rush-managed monorepo where only our production dependencies are fully published. There’s a few devdependencies that only exist in the monorepo.

I’m currently investigating if we can move to pnpm workspaces instead (as we don’t have a hard requirement of publishing the dependencies at this time) but it would still be preferable to have an option that allows preparing a rush-managed package for production using pnpm (instead of npm, which does work fine, but doesn’t use the pnpm caching obviously)