node.js - npm install installing extra packages not specified in package.json -

i have typical package.json on aws ec2 instance. i'm running npm install , instead of installing

{   "name": "angular-app-server",   "description": "back end server support our angular app",   "version": "0.0.1",   "private": true,   "dependencies": {     "assert": "^1.3.0",     "async": "^0.9.0",     "bcrypt-nodejs": "0.0.3",     "body-parser": "^1.13.1",     "connect-multiparty": "^1.2.5",     "express": "~3.0",     "express-namespace": "~0.1.1",     "express-session": "^1.11.1",     "forever": "^0.14.2",     "mongodb": "^2.0.36",     "multiparty": "^4.1.2",     "nodemailer": "^1.3.4",     "open": "0.0.3",     "passport": "~0.1.12",     "passport-local": "~0.1.6",     "request": "~2.16.6",     "svgo": "^0.5.3"   },   "devdependencies": {     "grunt": "~0.4",     "grunt-contrib-jshint": "~0.2.0",     "grunt-contrib-nodeunit": "~0.1.2",     "rewire": "^2.0.1",     "supervisor": "~0.4.1"   } } 

it's installing dozens , dozens of packages, (via cd node_modules & ls):

abbrev                findup-sync                  on-finished addressparser         first-chunk-stream           on-headers align-text            flatiron                     open amdefine              foreground-child             opener ansi-regex            forever                      optimist ansi-styles           forever-agent                optionator argparse              forever-monitor              parseurl asn1                  form-data                    passport assert                formidable                   passport-local assert-plus           fresh                        path-is-absolute async                 getobject                    pause aws-sign              glob                         peakle aws-sign2             graceful-fs                  pend balanced-match        grunt                        pkginfo base64-url            grunt-contrib-jshint         prelude-ls bcrypt-nodejs         grunt-contrib-nodeunit       prompt body-parser           grunt-legacy-log             ps-tree boom                  grunt-legacy-log-utils       punycode brace-expansion       grunt-legacy-util            q broadway              handlebars                   qs bson                  has-ansi                     range-parser buffer-crc32          hawk                         raw-body buffer-equal          hoek                         read buildmail             hooker                       readable-stream bytes                 http-errors                  repeat-string camelcase             http-signature               request center-align          hyperquest                   resolve chalk                                            revalidator cli                   iconv-lite                   rewire cliff                 inflight                     right-align cliui                 inherits                     rimraf clone                 ini                          sax coa                   isarray                      send coffee-script         isstream                     shelljs colors                istanbul                     sigmund combined-stream       is-utf8                      signal-exit commander             jshint                       smtp-connection concat-map            json-stringify-safe          sntp connect               js-yaml                      source-map connect-multiparty    kerberos                     spawn-wrap content-type          kind-of                      sprintf-js cookie                lazy                         stack-trace cookie-jar            lcov-parse                   statuses cookie-signature      levn                         stream-counter core-util-is          libbase64                    string_decoder coveralls             libmime                      stringstream crc                   libqp                        strip-ansi cryptiles             lodash                       strip-bom ctype                 log-driver                   supervisor cycle                 longest                      supports-color dateformat            lru-cache                    svgo debug                 media-typer                  tap decamelize            methods                      tap-mocha-reporter deep-equal            mime                         tap-parser deep-is               mime-db                      through2 delayed-stream        mime-types                   timespan depd                  minimatch                    tough-cookie diff                  minimist                     tunnel-agent director              mkdirp                       type-check duplexer2             mongodb                      type-is ee-first              mongodb-core                 uglify-js es6-promise           ms                           uid-safe escape-string-regexp  multiparty                   underscore escodegen             mute-stream                  underscore.string esprima               nan                          unicode-length estraverse            nconf                        unpipe esutils               ncp                          util eventemitter2         nodemailer                   utile events-to-array       nodemailer-direct-transport  utils-merge event-stream          nodemailer-smtp-transport    watch exit                  nodemailer-wellknown         whet.extend express               nodeunit                     express-namespace     node-uuid                    window-size express-session       nopt                         winston eyes                  nssocket                     wordwrap fast-levenshtein      nyc                          wrappy fd-slicer             oauth-sign                   xtend fileset               once                         yargs 

what cause of this?

thanks advice or help.

this difference between npm 2 , npm 3. npm 3 put first version of dependency peer , other versions of dependency nested.

• https://docs.npmjs.com/how-npm-works/npm3

• https://github.com/npm/npm/issues/11586

i guess looks uglier, takes less space.