Skip to content

Strip dev-only platform binaries from published package, remove postinstall#516

Draft
gh0stonio wants to merge 2 commits intomodelcontextprotocol:mainfrom
gh0stonio:antoine.leveque/fix-optional-deps-222
Draft

Strip dev-only platform binaries from published package, remove postinstall#516
gh0stonio wants to merge 2 commits intomodelcontextprotocol:mainfrom
gh0stonio:antoine.leveque/fix-optional-deps-222

Conversation

@gh0stonio
Copy link

@gh0stonio gh0stonio commented Mar 3, 2026
edited
Loading

Note: See #518 for a cleaner approach that replaces all platform-specific entries with a single bun devDependency and removes setup-bun.mjs entirely. This PR is kept as a lower-impact alternative.

Summary

Fixes #222

Prevents @oven/bun-* and @rollup/rollup-* platform binaries (~400MB) from being installed by SDK consumers, while keeping them available for contributors.

Builds on the investigation from #451, thanks @ochafik!

Context

At Datadog we're building on MCP Apps and this optionalDependencies bloat is blocking our CI pipelines, which motivated picking this up.

Why moving to devDependencies doesn't work

#451 moved the binaries from optionalDependencies to devDependencies. The problem is these packages declare os/cpu constraints in their own package.json. In optionalDependencies, npm silently skips platform mismatches. In devDependencies, npm ci fails hard (e.g. macOS ARM errors on @oven/bun-linux-x64).

Removing them entirely doesn't work either: contributors need the @oven/bun-* packages installed before prepare runs so that setup-bun.mjs can find and link the bun binary for the build step.

Approach

The binaries must stay in optionalDependencies for contributor installs to work, but they must not appear in the published package.json. The solution uses npm lifecycle hooks to strip them at publish time:

  • prepack (runs before npm pack / npm publish): backs up package.json, then removes only @oven/bun-* and @rollup/rollup-* entries from optionalDependencies (other optional deps are preserved)
  • postpack (runs after): restores the original package.json from backup

Also removes the postinstall script, which is redundant with prepare (line 64) that already runs setup-bun.mjs. The script isn't even shipped in the published package ("files": ["dist"]), so as noted in the #451 review, no INIT_CWD detection is needed.

This is a bit hacky but has the lowest impact on the contributor workflow. No build scripts or setup logic are changed.

Test plan

Verified from a clean state (rm -rf node_modules && npm ci):

  • npm ci succeeds
  • npm run build / npm run build:all succeed
  • npm test passes (85/85)
  • npm run test:e2e passes
  • npm run prettier passes
  • typedoc passes
  • npm pack produces a tarball with no optionalDependencies in its package.json
  • Local package.json is correctly restored after pack (17 optionalDependencies entries)
  • Consumer install from tarball: 92 packages / 26MB, zero @oven/bun-* or @rollup/rollup-*

gh0stonio added 2 commits March 3, 2026 11:35
@gh0stonio
Move bun/rollup binaries to devDependencies, remove postinstall script
b99937b 
Fixes modelcontextprotocol#222. Prevents npm from downloading 400MB+ of platform-specific
binaries for SDK consumers. The `postinstall` script is redundant since
`prepare` already handles bun setup.
@gh0stonio
Strip dev-only platform binaries from published package, remove posti…
8afa81d 
…nstall

Fixes modelcontextprotocol#222. The @oven/bun-* and @rollup/rollup-* in optionalDependencies
cause ~400MB of downloads for consumers. Instead of moving them to
devDependencies (breaks npm ci due to os/cpu constraints), strip them
at prepack time and restore at postpack. Also remove the redundant
postinstall script (prepare already handles bun setup).
@gh0stonio gh0stonio mentioned this pull request Mar 3, 2026
Closed
3 tasks
@gh0stonio gh0stonio marked this pull request as ready for review March 3, 2026 13:08
@gh0stonio gh0stonio mentioned this pull request Mar 3, 2026
Open
9 tasks
@gh0stonio gh0stonio marked this pull request as draft March 3, 2026 14:00
@gh0stonio gh0stonio changed the title Move bun/rollup binaries to devDependencies, remove postinstall script Strip dev-only platform binaries from published package, remove postinstall Mar 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

(optional)Dependencies on Bun and Rollup adds 400+ MB to the install size

1 participant

@gh0stonio