Closed
Labels
- closed-for-staleness
- guidance: General information and guidance, answers to FAQs, or recommended best practices/resources.
- response-requested: Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Description
Checkboxes for prior research
- I've gone through Developer Guide and API reference
- I've checked AWS Forums and StackOverflow.
- I've searched for previous similar issues and didn't find any solution.
Describe the bug
I noticed that I seemed to have devDependencies finding a way into my production Docker images. Turns out that one of them came from packages in this repo:
pnpm why @types/uuid
Legend: production dependency, optional only, dev only
[email protected] /app
dependencies:
@aws-sdk/client-athena 3.699.0
└── @types/uuid 9.0.8
@aws-sdk/client-secrets-manager 3.699.0
└── @types/uuid 9.0.8
athena-express-plus 8.1.0
└─┬ @aws-sdk/client-athena 3.699.0
  └── @types/uuid 9.0.8
A quick code search in the repo shows that it is in quite a few clients.
Regression Issue
- Select this option if this issue appears to be a regression.
SDK version number
@aws-sdk/client-*@3.699.0
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
v20.19.0
Reproduction Steps
pnpm why @types/uuid
Observed Behavior
@types/uuid is listed as a production dependency, which does not seem correct.
Expected Behavior
That the package is listed as a devDependency.
Possible Solution
List the package as a devDependency.
Additional Information/Context
Other than just being extra stuff in Docker images etc., it also triggers security scanners, which makes it something we have to deal with in our company.
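One way to find every installed package that ships a type-only `@types/*` package as a runtime dependency, so scanner findings can be triaged in one pass. This is an added example, not code from the issue or from the SDK; the function names and the sample manifests (modelled on the `pnpm why` output above, with illustrative version ranges) are assumptions.

```javascript
// Added example: flag packages that declare type-only packages (@types/*)
// under runtime sections of package.json instead of devDependencies.

// Constructed sample manifests; package names follow the `pnpm why` output
// in the report, version ranges are illustrative.
const SAMPLE_MANIFESTS = [
  { name: "@aws-sdk/client-athena", version: "3.699.0",
    dependencies: { "@types/uuid": "9.0.8", "uuid": "9.0.1" } },
  { name: "@aws-sdk/client-secrets-manager", version: "3.699.0",
    dependencies: { "@types/uuid": "9.0.8" } },
  { name: "athena-express-plus", version: "8.1.0",
    dependencies: { "@aws-sdk/client-athena": "3.699.0" },
    devDependencies: { "@types/node": "20.0.0" } }, // dev-only: not flagged
];

// Pure check over parsed package.json objects.
function findTypeOnlyRuntimeDeps(manifests) {
  const findings = [];
  for (const m of manifests) {
    for (const section of ["dependencies", "optionalDependencies"]) {
      for (const [dep, range] of Object.entries(m[section] || {})) {
        if (dep.startsWith("@types/")) {
          findings.push({ package: `${m.name}@${m.version}`, section, dep, range });
        }
      }
    }
  }
  return findings;
}

// Read package.json from each package directly under a node_modules directory.
// Descends into scope directories (@scope/name) and skips entries that are
// not packages or whose manifest is not valid JSON.
async function readManifests(nodeModulesDir) {
  const fs = await import("node:fs/promises");
  const path = await import("node:path");
  const manifests = [];
  const entries = await fs.readdir(nodeModulesDir).catch(() => []);
  for (const name of entries) {
    if (name.startsWith(".")) continue; // .bin, .pnpm, .package-lock.json
    const dir = path.join(nodeModulesDir, name);
    if (name.startsWith("@")) {
      manifests.push(...(await readManifests(dir)));
      continue;
    }
    try {
      manifests.push(JSON.parse(await fs.readFile(path.join(dir, "package.json"), "utf8")));
    } catch { /* not a package, or unreadable manifest */ }
  }
  return manifests;
}
```

Run it against a real install with `readManifests("node_modules").then(findTypeOnlyRuntimeDeps).then(console.table)`. Under pnpm this covers only the packages linked at the top level of `node_modules`, since the `.pnpm` store directory is skipped.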