Update package.json

[bluelovers]

No description provided.

[0x80]

@bluelovers Could you provide some sort of context and motivation for these changes?

[bluelovers]

avoid dev only deps install on user side

[0x80]

How did you qualify them as dev dependencies?

[quinnturner]

@0x80 Generally, if there's not an explicit require('package-name') in any file in your src, it's a devDependency.

The exception is when one of your dependencies lists something as a peerDependency, which is not likely.

Introducing this PR will significantly reduce the size of user installs and reduce the risk of security issues moving forward on production builds (which only install dependencies, ignoring devDependencies).

For example, node-emoji is only used in your example. By adding it as a dependency, anything that installs your package will also download that even though you don't use it. Also, strip-bom is only used for Flow, which isn't used at runtime.

Also, it looks like you don't use leven at all. You should be able to remove that dependency entirely.

[0x80]

@quinnturner You're right and that was also my understanding but I was getting confused because some dependencies like invariant I would normally use in application code, but it turns out that is also a dependency that isn't used anymore.

I started this repo by copy-pasting files directly from yarn and then stripping the bits that were not relevant. But apparently I never carefully went over all dependencies.

I will merge this and then strip other unused deps. Thanks @bluelovers @quinnturner 👍

[0x80]

I have released a new version. It contains this PR plus removal of several dependencies and updating the remaining minor versions. https://github.com/0x80/yurnalist/releases/tag/v2.1.0