[BUG] install --only option not working as intended

[ishanjain28]

Current Behavior:

I have a package.json like,

{
 "dependencies": {
    ... mix of private public packages
 },
"devDependencies": {
    ... mix of private public packages
}

When I run, npm install --only dev It still,

1. Looks for packages in dependencies block.
2. Tries to build the packages in dependencies block.

Expected Behavior:

It should completely ignore the dependencies block and only look for, And build dependencies in devDependencies block.

Steps To Reproduce:

1. Put the following package.json in a folder and run, npm install --only dev.

{
  "dependencies": {
    "@smolcompany/auth": "0.7.0",
    "bcrypt": "1.0.2",
    "moment": "2.10.6"
  },
  "devDependencies": {
    "source-map-support": "^0.5.19",
    "ts-node": "^9.0.0",
    "typescript": "^4.0.5"
  }
}

I get this error,

npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/@smolcompany%2fauth - Not found
npm ERR! 404
npm ERR! 404  '@smolcompany/auth@0.7.0' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/ishan/.npm/_logs/2021-03-08T18_33_35_121Z-debug.log

Environment:

OS: Arch linux
Node: 14.15.4(I have also replicated it with node 15.11)
npm: 7.6.1

[0815fox]

I can confirm this (npm 7.10.0 on debian). After upgrading my current workflow is broken :-(
It seems to me like they removed it, because they thought, that no one needs it. I can agree, that the uses for installing only dev dependencies are not obvious, but especially during testing it has been very helpful for me to somehow omit installing "the real" dependencies.

A second use case for me is automatically generated npm modules in my private npm repository. There i have like a hierarchy of device libraries, all depending on each other. During the release cycle I only need the dev dependencies.
However, having to install "the real" dependencies as well forces my build system to release all my packages in "the right order", because else the dependencies do not yet exist...

[darcyclarke]

npm v7 looks at all of your dependencies no matter what but will only reify the specific types you specify when using --only or --omit or x/y (so that we can create a consistent package-lock.json). If you have a proposal for how this could/would change in the future, please open a issue/pr on our RFCs repo