We are trying to make use of the bundledDependencies array in package.json to include all of the dependencies of that plugin into a single tgz package. npm pack does seem to create the tgz file with the dependency content. Our hope was that downloading one big npm package with all dependencies bundled inside would be more efficient than downloading the 579 dependencies individually.
But, when that built plugin is npm install-ed by another project, the npm logging indicates that about 90% of the individual packages are downloaded again (the tgz files themselves – not just the metadata). Debugging the npm source some, it appears that the extra download is tied to the _hasShrinkwrap property. If the npm dependency metadata doesn’t have a _hasShrinkwrap property or if it is set to true, it’ll download the package to get the npm-shrinkwrap.json contents.
Could it be that we’re doing something wrong to bundle these dependencies that is causing it to reach out to the npm registry for the dependency instead of using the bundled content? Or is that just the expected behavior if the _hasShrinkwrap property isn’t set in the package metadata? And for the packages that aren’t individually downloaded because they have the _hasShrinkwrap property set to false, they do get installed so it must be using the bundled content for the actual installation.