npm install --production ignore my dependencies

Stefan Bogdanescu

Founder & Senior Architect · 2026-06-29

Laravel Company

npm install --production: Why Dependencies Seem to Be Ignored in Production Builds

As senior developers, we often deal with the nuances of package management, especially when optimizing build processes for production environments. A common point of confusion arises when executing commands like npm install --production, and observing that packages listed under dependencies appear to be skipped or ignored. This behavior can lead to frustration, particularly when setting up frameworks like Laravel where managing dependencies is crucial.

Let’s dive into the specifics of how NPM handles production installs, analyze the scenario you presented, and clarify the distinction between dependencies and devDependencies.

Understanding Dependency Types in NPM

Before addressing the --production flag, it is essential to understand the fundamental separation between dependency types defined in your package.json file.

  1. dependencies: These are packages required for your application to run in a production environment. If these packages are missing, your code will likely crash at runtime. For instance, if you use an HTTP client or core framework components, they belong here.
  2. devDependencies: These packages are only needed during the development, testing, and building phases. This includes tools like Webpack, Babel, ESLint, testing frameworks, and build utilities (like laravel-mix in your example). These are not required for the final application to execute.

By default, running a simple npm install installs all packages listed in both sections. The distinction between these two groups is managed by flags used during installation or when deploying.

The Role and Limitations of --production

The --production flag is primarily designed to optimize the installation process for deployment environments. Its main goal is to prevent the installation of development-specific tools, thereby reducing the final node_modules size and potential security exposure.

When you run npm install --production, NPM checks the configuration:

  • Standard Behavior: In many standard NPM setups, this flag explicitly tells NPM to skip installing packages listed under devDependencies. This is because production servers do not need development tooling installed.
  • The Nuance: The confusion arises when you expect all runtime dependencies (dependencies) to be installed, but the --production flag seems to filter them out.

In your specific example, where you observed that packages like cross-env (which is listed under dependencies) were not installed, it suggests one of two possibilities: either your NPM version or configuration is interpreting the command in a way that prioritizes production build minimization, or there might be an interaction with how Laravel Mix handles asset compilation versus runtime dependencies.

Analyzing the Observed Behavior and Best Practices

In modern Node.js projects, especially those following conventions seen in frameworks like Laravel, the expectation is to install everything needed for runtime execution. If a package is strictly required for the application to function (i.e., it's a dependency), it should generally be installed regardless of the production flag.

The fact that cross-env was missed indicates that NPM prioritized excluding development materials over installing necessary runtime packages in this context. While this behavior can be confusing, it aligns with the principle: Production environments should only contain runtime dependencies.

Best Practice for Laravel and Node Projects

For a robust setup, especially when deploying applications built with tools like Laravel Mix, ensure your build process explicitly handles dependency resolution correctly. Instead of relying solely on the --production flag to filter runtime dependencies, focus on ensuring your deployment script correctly targets the final production assets:

  1. Separate Build and Runtime: Keep devDependencies strictly for building (Webpack setup, asset compilation) and dependencies strictly for application execution.
  2. Use Correct Scripts: In a Laravel context, ensure your deployment command focuses on compiling assets rather than just installing dependencies if you are using a build pipeline. For example, when preparing for production, the focus should be on running commands like npm run production, which in turn executes Webpack to compile assets and then installs necessary runtime modules.
  3. Review Your Toolchain: Always verify that all required packages are listed correctly in the respective sections of your package.json. For more detailed guidance on managing dependencies within a Laravel ecosystem, exploring official resources like those provided by laravelcompany.com can provide excellent context on standard project structure and deployment workflows.

Conclusion

The apparent ignoring of packages in the dependencies array by npm install --production is generally an intentional feature designed to strip down the environment for production deployments, focusing only on runtime needs (which are often implicitly handled or assumed in a deployment pipeline). While it can be counterintuitive when debugging basic installs, understanding that this flag primarily targets development tools helps clarify its purpose. As senior developers, our job is to understand why the tool behaves this way and implement build scripts that explicitly manage these stages, ensuring stability and accuracy across development and production environments.