Don't install NPM modules from my apps dependencies

[danielcompton]

Currently lein-npm looks inside all of the JARs on the classpath to find any project.clj's with lein-npm dependencies specified. I'm not 100% sure of the use case for this, but I guess it's so that library writers can ensure that their dependencies are downloaded. This behaviour is a little bit counterintuitive for people (see: http://stackoverflow.com/questions/41910529/lein-npm-downloads-dependencies-of-dependencies-re-frame-template), and I've had the same thing happen to me in the past. This is hinted at in

I am not convinced that pulling node dependencies of maven dependencies is the right thing to do. I'd like to get a better understanding of why this is done.

• resolve-in-jar-dep is a wee bit brittle #14 (comment)

I'm not really sure what the right answer here is:

• Leave it as is
• Don't install devDependencies from my dependencies project.clj
• Add the ability for people to specify (via metadata, or a new key) that an NPM dependency is really required to be downloaded as part of the project, and assume the rest aren't needed.

My feeling is that lein-npm would mostly be used for tooling/processing purposes, but that it is unlikely that consumers of a project that uses lein-npm would need the node modules to be downloaded themselves.

[RyanMcG]

Hey @danielcompton, thanks for commenting.

Honestly, I don't use this library much anymore. If you think not resolving deps makes sense, let's at least provide the option. I'd say per-dep metadata to indicate that npm deps are necessary is the way to go.

A PR would be very welcome.

[danielcompton]

I think devDependencies is the right place for this. I'm pretty sure the current behaviour is correct. I'll try and provide a docs PR to make this option clearer for people and let them know about the implications of both.