Why are dependencies bundled the way they are (dependencies, devDependencies , peerDependencies)

[jpbnetley]

I am a bit confused as to why tsdown bundles devDependencies by default.
I would expect it to bundle dependencies by default.

I am comparing the npm docs to tsdowns docs:

npm docs

https://docs.npmjs.com/specifying-dependencies-and-devdependencies-in-a-package-json-file

"dependencies": Packages required by your application in production.

"devDependencies": Packages that are only needed for local development and testing.

https://docs.npmjs.com/cli/v11/configuring-npm/package-json#peerdependencies

"peerDependencies": In some cases, you want to express the compatibility of your package with a host tool or library, while not necessarily doing a require of this host.

tsdown docs

The docs for ts down regarding the dependencies:
https://tsdown.dev/options/dependencies#default-behavior

dependencies: These are treated as external and will not be included in the bundle. Instead, they will be installed automatically by npm (or other package managers) when your library is installed.

peerDependencies: These are also treated as external. Users of your library are expected to install these dependencies manually, although some package managers may handle this automatically.

devDependencies: Dependencies listed under devDependencies in your package.json will only be bundled if they are actually imported or required by your source code.

Phantom Dependencies: Dependencies that exist in your node_modules folder but are not explicitly listed in your package.json will only be bundled if they are actually used in your code.

Expectation

Therefor, I would conclude that we use dependencies if we want the packages to be bundled for production,
and we would use devDependencies for local dev only (like typescript for building a package, but we don't want to bundle typescript)

And we would use peerDependencies if we want the project that consumes this library to have a package installed with a spesific version.

I would then expect tsdown to bundle dependencies if they are actually imported or required by your source code.
And peerDependencies and devDependencies to be treated as external.

Does that make sense?
I might be misunderstanding the purpose of dependencies, peerDependencies, devDependencies.

Feel free to link additional resources that I might be missing.
Thank you :)

[sxzz]

#254 (comment)

[sxzz]

Simply put: When users install your package, its dependencies are installed automatically as well. Therefore, you don't need to bundle these dependencies into your dist folder—instead, just reference them from node_modules.

[jpbnetley]

I did read see that post, thank you for sharing.

Aah ok that makes things more clear.
I was testing a Github action, written in typescript, and I was bundling with tsdown.
https://github.com/jpbnetley/semantic-release-version

One of the dependencies I was using (zod) would fail when the github action tried to start up.

Error [ERR_MODULE_NOT_FOUND]: Cannot find package 'zod' imported from /home/runner/work/_actions/jpbnetley/semantic-release-version/v0.0.2/dist/index.js

This is how the package.json that is used in the Github action

"devDependencies": {
    "tsdown": "^0.12.8",
    "typescript": "^5.8.3",
    "vitest": "^3.2.4"
  },
  "packageManager": "pnpm@10.12.1+sha512.f0dda8580f0ee9481c5c79a1d927b9164f2c478e90992ad268bbb2465a736984391d6333d2c327913578b2804af33474ca554ba29c04a8b13060a717675ae3ac",
  "dependencies": {
    "@actions/core": "^1.11.1",
    "@actions/github": "^6.0.1",
    "zod": "^3.25.67"
  }

So in this case, it makes more sense to move zod to the dev dependencies, and maybe move tsdown, typescript, vitest to the dependencies?
Would that be the correct assumption?

Thank you for taking the time to answer my question ❤️

[sxzz]

It seems that a package manager (such as npm, pnpm, or yarn) was not used to install your package; instead, GitHub simply fetched your dist code directly from the repository. In this case, you should move all dependencies to devDependencies, as dependencies are meant for use with package managers (as stated on npmjs.org) and have no effect in your current setup.

[jpbnetley]

aah ok perfect.
Thank you for the info, much appreciated :)