angular/angular
Dependencies
External npm dependencies that drive significant framework behavior. The full list is in the root package.json; this page calls out the ones a contributor benefits from knowing about.
Runtime dependencies
| Package | What it does | Why it matters |
|---|---|---|
typescript (6.0.x) |
TypeScript compiler. | Pinned via resolutions so every workspace package uses the same version. Pinning is intentional — ngtsc couples tightly to TypeScript internals. |
rxjs (^7.0.0) |
Reactive primitives. | Used everywhere: HTTP, router events, async pipe, the legacy reactivity story. Signal-based code is gradually replacing direct RxJS usage in the framework's own internals. |
tslib (^2.3.0) |
TypeScript's __extends/__decorate shims. |
Required for the emit; ships with every Angular package. |
zone.js (0.16.x) |
Async-API monkey-patcher. | Versioned in this repo. Optional in zoneless mode but still the default for many apps. |
domino (forked from Mozilla's dom.js) |
A DOM implementation in Node. | Used by @angular/platform-server for SSR. Pinned to a specific commit on the angular/domino fork. |
reflect-metadata (^0.2.0) |
Runtime decorator metadata. | Required by JIT compilation. AOT builds don't ship it. |
esbuild (0.28.x) |
Bundler for several internal targets. | Used by Bazel rules under the hood and by the linker babel-plugin pipeline. |
Compiler dependencies
| Package | What it does |
|---|---|
@babel/core, @babel/cli, @babel/generator |
Babel infrastructure for the linker. |
@babel/plugin-transform-async-generator-functions |
Used in transform pipelines. |
magic-string |
Source-aware string editing for the partial-eval and migration tools. |
source-map, source-map-support |
Source-map tooling for emit and runtime. |
Build / CI
| Package | What it does |
|---|---|
@bazel/bazelisk, @bazel/ibazel, @bazel/buildifier |
Bazel launcher, watcher, and BUILD-file formatter. |
@angular/ng-dev |
The internal CLI; published from angular/dev-infra. |
@angular/cli, @angular-devkit/*, @schematics/angular, @angular/build |
The Angular CLI; consumed in the workspace as workspace deps for testing CLI scenarios. Published from angular/angular-cli. |
karma, karma-*, jasmine, jasmine-core |
Browser test runner. |
cypress |
DevTools E2E. |
gulp, gulp-conventional-changelog, conventional-changelog |
Changelog generation for releases. |
firebase-tools |
Deploys angular.dev to Firebase Hosting. |
Tooling / linting
| Package | What it does |
|---|---|
prettier |
Code formatter. Run via pnpm ng-dev format. |
tslint, tslint-no-toplevel-property-access |
Linter. ESLint replacement has been considered but not adopted. |
tsec |
Trusted-types security checker. |
husky |
Git hook installer. |
Testing
| Package | What it does |
|---|---|
protractor (legacy) |
Earlier E2E framework, still in package.json for some integration tests. |
selenium-webdriver |
Driver for Protractor / browser automation. |
@types/jasmine, @types/node, @types/chrome, @types/yargs, @types/semver |
Types for the test stack. |
Maintenance helpers
| Package | What it does |
|---|---|
tinyglobby |
Fast glob matcher used by build scripts. |
chalk |
Colored CLI output. |
diff |
Used by the diff-release-package script. |
semver |
Semver parser used by release tooling. |
yargs |
CLI argument parsing. |
tmp, adm-zip |
Used by snapshot/publish scripts. |
Special quirks
- AngularJS 1.x. The
package.jsonlists multiple AngularJS versions (angular-1.5,angular-1.6,angular-1.7,angular-1.8) plus matchingangular-mocks-*packages. They're consumed by@angular/upgrade's tests to verify the hybrid integration across the AngularJS major versions still in production use. - The
dominofork. Pinned to a specific commit (928dffb9d9431b2cd2a73d7b940d1575f221e072as ofHEAD) rather than an npm-published version, because Angular has its own bug fixes in the fork. @angular/materialand@angular/cdk. Listed at next-version pins inpackage.jsonbecause the framework repo runs Material's e2e tests on PRs as part of the v22 cross-repo validation.
Update mechanics
The repo uses Renovate (renovate.json) for routine bumps. Major dependency upgrades go through manual PRs with explicit migration notes. The minimumReleaseAge in pnpm-workspace.yaml makes pnpm wait 24 hours after a release before the lockfile can pick it up — a defense against malicious-publish supply chain attacks.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.