Our build pipeline is npm install -> npm test -> Zip the artifact.
This however means our artifact contains all devDependencies. If we do npm --only=production we lose the devDependencies but npm test will fail.
How can we generated a tested artifact without devDependencies? Do we just have to trust that our app will run without the devDependencies after we test with them?
BONUS question: How should npm ci fit into this workflow?
You will want to follow have your process to the effect of the following:
First, you need to "install with all dependencies".
npm install
Then do your tests.
npm test
Then "prune" your dev dependencies as below, as detailed in the docs doing this "will remove the packages specified in your devDependencies".
npm prune --production
Regarding npm ci you can simply use this in place of npm install if you have a package-lock.json, see this great answer for an explanation of the difference.
